This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Shreyas_Markapu
Explorer
‎2019-03-07 09:00 AM

Automatic Reaction E-mail Query

Hi,

We monitor customer checkpoint for every 4 hours to check for unblocked IPS blade alerts.
I got to know that we can automate  this through E-mail alerts through smart event E-mail automation few questions regarding it.

It's for R77.30.03

1) Do I have to install jumbo hot-fix and is it mandatory.

2) Can we set exclusions for the E-mail alerts that we receive.

3) Under add automatic reactions - under Mail parameters it asks for "from Email" and under it it also asks for outgoing mail server(SMTP).
Can a mail server be configured from our side , can we configure any kind of default outgoing mail server from checkpoint itself or does it have to be configured from client side.

If the mail server has to be configured from the customer environment the E-mail will not be over the VPN and security might be an issue. 

3 Replies
PhoneBoy
Admin
Admin
‎2019-03-09 08:38 AM

I'm not sure what you mean by "unblocked IPS blade alerts" -- please clarify.

As for your other questions:

1. It's highly recommended to be running the latest recommended jumbo hotfix unless you have a very specific reason not to be.

2. Yes you can configure exclusions.

3. The email server must be reachable from the SmartEvent server. How that is accomplished is up to you.

Shreyas_Markapu
Explorer
‎2019-03-09 08:51 AM
In response to PhoneBoy

Thank you
Dameon
In customer's checkpoint under IPS blade we look out if there are any med,high and critical alerts if they are blocked or not. If in case they are not blocked then we take action.

1) Specific reason for not installing jumbo hotfix is we need approval from client to make any kind of change in their checkpoint and it takes a long time and tedious process.

2) Thanks for the Info.

3) Need some more light here about E-mail server being reachable for smart event server.

0 Kudos
PhoneBoy
Admin
Admin
‎2019-03-09 09:18 AM
In response to Shreyas_Markapu

1. Not specifically required unless you run into an issue that requires installing a hotfix to address. That said, your customer should look at upgrading to R80.20 soon since R77.30.03 will be End of Support in September.

3. Networking 101. Is there a network path between the SmartEvent Server and the desired SMTP server? The specifics of that network path aren't particularly relevant. If one currently does not exist (e.g. MPLS link, VPN), you'll have to configure it.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events