This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
kleppard
Explorer
‎2021-02-15 12:23 PM

IPS Staging - Clear Filtered Protections

Hi All,

We have a customer who are running on our R80.20 MDS and have the IPS Blade. Over the last couple of years they have been running IPS Updates and Protections have been brought in into Staging Mode, however these have not then been reviewed and an action set.

We are now in a position where we have just over 11k protections with 10k in staging mode (Picture Attached) We have updated the settings to clear staging mode on any new updates however we would like to set the recommended actions based on profile to all of the existing protections.. however we would like to filter this out to specific criteria each time e.g.

Window 1 - Clear protections from Staging Mode - Severity: Critical, Confidence: High, Performance Impact: Low

Window 2 - Clear protections from Staging Mode - Severity: High, Confidence: Medium, Performance Impact: Low

and so on..

I understand there is an option for profile clean up to remove all staging which is great however we do not want to apply it to all signatures at once and the alternative I can see is to filter down manually and highlight the protections however we can only do 200 at a time in the Smart Console.

Does anyone know of a way we can clear staging per filter?

Thanks in advance

 

 
 

 

0 Kudos
5 Replies
Shiran_Gold
Employee
Employee
‎2021-02-16 03:05 AM

Hey,

using GUI there is no way to change per type, other than the way you mentioned - filter and manually change (which is indeed limited to 200).

I believe you will be able to achieve that by building a script using threat-protections API.

 

thanks,

Shiran

0 Kudos
kleppard
Explorer
‎2021-02-16 03:52 AM
In response to Shiran_Gold

Hi Shiran,

Thanks for getting back to me - are you aware of any API Scripts that have been created for this?

 

Thanks

Kieran

0 Kudos
Shiran_Gold
Employee
Employee
‎2021-02-17 12:10 AM
In response to kleppard

Hey,

unfortunately no,

 

To be honest, I would do it manually.

per window 1 request, there are 183 signatures available 

per window 2 there are 283 available 

(see attached pictures)

 

I understand the some windows may take more than 2-3 iterations..  but IMO its the fastest way 🙂

hope this helps.

Thanks,

Shiran

 

 

 

 

Preview file
29 KB
Preview file
29 KB
0 Kudos
kleppard
Explorer
‎2021-02-17 12:18 AM
In response to Shiran_Gold

Hi Shiran,

Thanks for the response - unfortunately the real window 2 is over 3000 signatures, I will take a look into the API and report back if I manage to find a solution

Kieran

0 Kudos
Shiran_Gold
Employee
Employee
‎2021-02-17 12:34 AM
In response to kleppard

thanks for your feedback.

I wonder what's the difference from what I saw.

 

let me know if you encounter issues.

you are welcome to contact me offline too and I hope I will be able to assist if needed.

 

wish you a great day.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    Virtual

    Thu 25 Apr 2024 @ 11:00 AM (SGT)

    APAC: CPX 2024 Recap

    Thu 25 Apr 2024 @ 10:00 AM (CEST)

    The Anatomy of a Cloud Hack by NotSoSecure - EMEA Session

    Thu 25 Apr 2024 @ 06:00 PM (IDT)

    The Anatomy of a Cloud Hack by NotSoSecure - America Session
    Virtual

    Tue 30 Apr 2024 @ 03:00 PM (CDT)

    EMEA: CPX 2024 Recap
    Virtual

    Wed 01 May 2024 @ 02:00 PM (EDT)

    South US: HTTPS Inspection Best Practices
    Virtual

    Thu 02 May 2024 @ 11:00 AM (SGT)

    APAC: What's new in R82
    Virtual

    Thu 25 Apr 2024 @ 11:00 AM (SGT)

    APAC: CPX 2024 Recap
    Virtual

    Tue 30 Apr 2024 @ 03:00 PM (CDT)

    EMEA: CPX 2024 Recap
    Virtual

    Wed 01 May 2024 @ 02:00 PM (EDT)

    South US: HTTPS Inspection Best Practices
    Virtual

    Thu 02 May 2024 @ 11:00 AM (SGT)

    APAC: What's new in R82
    Virtual

    Thu 02 May 2024 @ 10:00 AM (CEST)

    CheckMates Live BeLux: How Can Check Point AI Copilot Assist You?
    Virtual

    Thu 02 May 2024 @ 04:00 PM (CEST)

    CheckMates Live DACH - Keine Kompromisse - Sicheres SD-WAN
    CheckMates Events