This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Mikel_Aanstoot
Contributor
‎2018-11-25 03:34 AM

Event Policy, Legacy

Hi, as briefly mentioned in my latest question we have moved from R77.30 to R80.10. In the Smart Event Policy we have noticed that for Thread Prevention some automatic reactions have moved to Legacy folder. Legacy suggest "old" and maybe superseded by something else. I cannot find any other setting however. Is this still a useful to configure in Legacy ?

Also is there a way to define the severity ourselves ? Header Rejection we find not ourselves not Cricital but DNS trap (which has severity low) we find high or critical ?

kind regards,

Mikel

3 Replies
PhoneBoy
Admin
Admin
‎2018-11-25 09:23 AM

Not sure why SmartEvent has those in Legacy. 

Kfir Dadosh‌?

It's not currently possible to redefine specific IPS protections with a different severity.

0 Kudos
Mikel_Aanstoot
Contributor
‎2018-11-30 04:40 AM

A bit more familiair now with the new Smart Event  Dashboard of R80.10 but I would like to set automatic reactions like mail alert again in Smart Event in case of Virus Incident but with exceptions because I want only very specific email alerting. I had this also in R77.30 but for some reason is exclude Any not supported anymore ? Well to be exact, it looks like it does not allow any NET or group. I want to exclude any source and any destination for a specific protection name and protection type but is not allowed. Also I would like to have alerting only from Severity High and Critical. Unfortunately also this is still not possible. Anyone also experiencing the same ?

Mikel_Aanstoot
Contributor
‎2018-12-06 11:56 PM
In response to Mikel_Aanstoot

Sharing some info, I have learned that for having different alerting for different severity for the same threat is done by manually create an event based on the existing threat event. So I will play around with that. If anybody has any experience and tips for this I am interested. Would be nice to hear some best practices used by others.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top