This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
InfrasecConsult
Participant
‎2024-06-03 04:47 AM
Jump to solution

Custom Intelligence Feeds - Traffic is blocked but not seen in logs

I've added a Custom Intelligence Feed by Importing it in SmartConsole. The feed works 100% and I can confirm that the traffic from a test source is blocked when the source IP is in the Custom Feed. If the IP is removed the Test Source can access resources behind the Gateway again.

However when the Test Source is part of the Custom feed and access is blocked, I don't find any logs showing the blocked connection at all.  Any idea why there is "No Logging"? Or am I missing something as this is my first time implementing it this way.

The Gateway and Management Server is on R81.20 Take 53

Thanks

0 Kudos
1 Solution

Accepted Solutions
InfrasecConsult
Participant
‎2024-06-04 03:38 AM
In response to the_rock
Jump to solution

Issue now resolved. Yes, it definitely logs the  blocked traffic under Anti-Bot/Anti-Virus blade (The Custom Feed is a list of IP addresses)

The Custom Threat Prevention Policy where the Tracking is set to LOG did not have AntiBot enabled, only IPS. I added AntiBot and re-installed the Policy and received the Logs of the Blocked Traffic for traffic sources within the Custom Feed 

View solution in original post

0 Kudos
2 Replies
the_rock
Legend
Legend
‎2024-06-03 09:57 AM
Jump to solution

I dont believe those will show you any logs, as there are not part of any rules. 

Andy

0 Kudos
InfrasecConsult
Participant
‎2024-06-04 03:38 AM
In response to the_rock
Jump to solution

Issue now resolved. Yes, it definitely logs the  blocked traffic under Anti-Bot/Anti-Virus blade (The Custom Feed is a list of IP addresses)

The Custom Threat Prevention Policy where the Tracking is set to LOG did not have AntiBot enabled, only IPS. I added AntiBot and re-installed the Policy and received the Logs of the Blocked Traffic for traffic sources within the Custom Feed 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events