This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
AngeloP
Participant
‎2022-03-21 06:17 AM

CheckPoint IPS - Automatically Block IP when a specific signature is triggered

Hello,

 

I would like to ask if it's possible to set up a setting for specific Protections that allows to automatically block the IP that triggered a specific Protection, like for example for Scans - we would like to be able to automatically block IP's that triggered specific scanning signatures - as in adding them to a blacklist temporarily or until someone removes the ip from it, is that possible?

Labels
0 Kudos
1 Reply
Marcel_Gramalla
Advisor
‎2022-03-21 07:29 AM

If you have a SmartEvent license you can do that pretty easily. You have to create a Event definition with the Protection you want to trigger:

ips.JPG

In our case this was used for the Log4j issue. With the automatic reactions you can block the IP for a desired time (max. 4 weeks I believe).