This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Eric_Merillat
Contributor
‎2020-02-11 08:54 AM

IPS Analyzer Results

I have read the other posts on the IPS Analyzer out there and realize that the protections listed as Threat Prevention protection # are coming from other blades.  Is there a way to identify what blades these are coming from in the raw files that you run IPS Analyzer on?  What is the best way to identify and remediate these? 

Thanks in advance!

0 Kudos
5 Replies
PhoneBoy
Admin
Admin
‎2020-02-11 06:35 PM

Note that many of the blades use the same engines as IPS.
Specific examples might help.
In general, App Control is the second most likely culprit as it also uses signatures and is in wide use.
0 Kudos
Eric_Merillat
Contributor
‎2020-02-12 06:14 AM
In response to PhoneBoy

This is what my report looks like.  The only blades currently enabled on this Cluster are Firewall, IPS, Anti-Bot, and Anti-Virus.

Critical Load Protections
Protection Name Load Impact
 

 

Threat Prevention protection 21
 

 

 

 

ROBOT TLS_RSA Scanning Attempt
 

 

 

 

Threat Prevention protection 1566
 

 

 

 

Threat Prevention protection 190
 

 

 
High Load Protections
Protection Name Load Impact
 

 

Threat Prevention protection 3
 

 

 

 

Threat Prevention protection 2
 

 

 

 

Threat Prevention protection 1582
 

 

 

 

Threat Prevention protection 1583
 

 

 

 

Threat Prevention protection 1584
 

 

 

 

Threat Prevention protection 1585
 

 

 

 

Threat Prevention protection 1586
 

 

 

 

Threat Prevention protection 1587
 

 

 

 

Threat Prevention protection 1581
 

 

 

 

Threat Prevention protection 1568
 

 

 

 

Threat Prevention protection 1567
 

 

 

 

Threat Prevention protection 1597
 

 

 

 

Threat Prevention protection 135
 

 

0 Kudos
PhoneBoy
Admin
Admin
‎2020-02-12 08:45 AM
In response to Eric_Merillat

I would open a TAC case.
Guessing these are Anti-Bot related but it's only a guess.
0 Kudos
Raj_Khatri
Advisor
‎2020-03-24 12:46 PM
In response to PhoneBoy

I have these showing up as Critical Protections.  What is the best way to find what these are apart from emailing Omer Shliva?

Threat Prevention protection 421
Threat Prevention protection 362
Threat Prevention protection 398
Threat Prevention protection 433
Threat Prevention protection 913
Threat Prevention protection 902
Threat Prevention protection 903
Threat Prevention protection 881

0 Kudos
PhoneBoy
Admin
Admin
‎2020-03-25 10:55 PM
In response to Raj_Khatri

That's probably the best way.
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events