This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Oren_Koren
Employee Alumnus
Employee Alumnus
‎2019-08-17 12:05 PM

IPS utilization report - Smart View

Hey all,

I believe that most of us that enabled IPS in our environment, asked one of the following questions:

  • "if I will move to prevent, what will happen to my network"
  • "Should I do it a step-by-step? how?"
  • "is there any tool that i can use to eliminate any potential impact on my network"

for those question we have created multiple documentations with formal procedures.

Now, we have created a new Smart View report that allows you to understand your IPS utilization status and base on different step-by-step procedures, utilize the blade for maximum protection and minimum business impact.

You can download the CPR file (for Smart-View) from the following link:

https://gofile.io/?c=DBShEe

If you want to influence, you are welcome to replay to this blog with any insight or change you believe we need to add/change. we will change the report based on your needs and will upload a new one until we will have a report that will be release as part of the next GA + Jumbo.

Thanks,

Oren

Page1.JPGPage2.JPGPage3.JPG

 

 

 

 

 

 

IPS_Utilization_Report1.1.zip
7 Replies
MikeB
Advisor
‎2019-08-20 05:28 AM

Really a very useful view within SmartEvent. Thanks for sharing!.
Could you also share what are the documents with formal procedures that you mention were already created??
0 Kudos
Oren_Koren
Employee Alumnus
Employee Alumnus
‎2019-08-20 11:50 PM
In response to MikeB

Hey,

this post will assist 🙂

https://community.checkpoint.com/t5/Taiwan%E8%AB%96%E5%A3%87/New-IPS-Best-Practice-Guide-for-R80-10/...

have you managed to import the template? any inputs/changes needed?

 

Thanks,

Oren

 

0 Kudos
Danny
Champion Champion
Champion
‎2019-08-21 12:18 AM

For all the IPS protections mentioned in the report the IPS detail descriptions including CVE numbers should be included as well. These are shown in the IPS protections list within SmartConsole but are not part of any report.

When sitting in C-level meetings to decide which IPS protections the firewall admins have to take care of and change from detect to prevent most people don't know what a specific IPS protection does, how critical the relevant protection is and so on. For two years now we are screen shotting the IPS protection details manually and include them in the report as image references, which is a very time consuming process.

Oren_Koren
Employee Alumnus
Employee Alumnus
‎2019-08-22 06:54 AM
In response to Danny

Hey,

added the CVE into the report (see the attached image)

can you please elaborate on the second thing a bit more?Page3_2.JPG

Thanks,

Oren

Danny
Champion Champion
Champion
‎2019-08-27 02:09 AM
In response to Oren_Koren

@Oren_Koren ,

the second thing was about the IPS Threat Description as shown here:

image.png

How can we add this to the SmartEvent report?

Oren_Koren
Employee Alumnus
Employee Alumnus
‎2019-08-29 09:16 AM
In response to Danny

Hey,

the data we have in the log is name of the signature only.

we cant query from Smart-View on the IPS signatures DB that is presented in the list of IPS protections.

does the name and information on the signature is not enough? i just think on the quantity of text that we will present in the report and it will be A LOT

 

what do you think?

 

Thanks,

Oren

 

0 Kudos
frankcar
Contributor
‎2021-08-19 05:08 AM
In response to Oren_Koren

Hi hope you dont mind,

your report is great for helping me out.

I change the report to show prevented attacks and top sources.

attached it below if it helps anyone out.

_IPS_Protections_Activated_Aug_19__2021_13_04_15_270_PM.zip

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events