- CheckMates
- :
- Products
- :
- Quantum
- :
- Threat Prevention
- :
- Re: Automating IPS
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Automating IPS
- Tags:
- automation
- ips
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
R80 and R80.10 provide IPS Tags for this behavior. Read more here: How does R80 assist in saving time handling activation of IPS protections?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
R80 and R80.10 provide IPS Tags for this behavior. Read more here: How does R80 assist in saving time handling activation of IPS protections?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Not sure how I overlooked that, but this is helpful. I guess now the missing piece is tying this back to a vulnerability scanner, or somehow leveraging the API.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'd like to point out there are roughly 1700 tags, but I receive an error when adding more than 32. So if you chose to automatically disable CVSS score of 1.0 - 2.9, that is 20 of the 32 available used up.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Have you looked at any orchestration tools such as Phantom? We use this for other similar use cases.
Good luck,
Bobby
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This is something I have been wanting to look into. Thank you!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Tomer, is there an update to this thread post Mike's finding of the 32-tag limitation?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Tomer Sole is there an update to the 32-tag limitation? Because this one still exists today!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
From CPX, if you are on R80.20M2 or R80.30, they now offer something called Smart Threat Profile. It will monitor your traffic and select the IPS that it thinks you need. You can then compare it to your existing policy to choose if you want to use it moving forward. I don't think it's GA yet but you can reach out to threat_smart_profile@checkpoint.com.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sounds interesting. I just reached out to the mail you provided. Let's see 🙂
I will also attend the CPX in Vienna. Looking forward to it!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I believe we'll have a demo of it in the Technology Innovation area.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We'll be there.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi all,
I tested the limitation of 32 tags in IPS with R80.20 and R80.30 and it is still the same.
I also could not find any informations about "Smart Threat Profile" in R80.30. So I also asked now in the E-Mail threat_smart_profile@checkpoint.com for more information about it.
When I get updates I will post it here...