Will it work with SMS R80.40? I'm getting the following warning

Getting the following error -->  does SME need to be on its own server and not part of management?

SME_curl_cli -s -d 'sort=time desc,sequencenum desc&rows=500&fl=severity,https_inspection_action,performance_impact,product,dst,smartdefense_profile,src,confidence_level,type,orig_log_server,orig,marker,stored,domain,protection_name,id&fl=CoreName:[shard]&shards.info=true&is_smartevent_machine=true&q=*:*&fq={!cache=false cost=50}time:[2020-03-16T22:10:43.152Z TO 2020-03-23T22:10:43.152Z]&fq={!cache=false cost=99}protection_name:[* TO *]&TZ=Asia/Jerusalem&shards=http://127.0.0.1:8210/solr/firewallandvpn_2020-03-16T00-00-00&time_from=2020-03-16T00:00:00.000+02:0... text_r text_i&wt=json&indent=true' https://127.0.0.1:8210/solr/template/select

Which error do you see? 

The text you sent is the query text. Do you want to share a screenshot?

Thanks

Here is the error from the logs.  

Asaf

Ran the code in the shell came back with 0 items, so it should not have been a failure, but just 0  items reterieved.  The way it looked in the logs, you would think it was broken.

R80.40 & yes Smart Event is on.  

Think it was a false positive again because the results of the query is 0, but it shows as a failure in the logs.

Thanks

I am running 

Product version Check Point Gaia R80.40 take 294
OS build 294
OS kernel version 3.10.0-957.21.3cpx86_64
OS edition 64-bit

I used the link in the SK164812 for the extension

I have a virtualized lab on R80.30 T155, based on a MGMT and a single GW, it has a simple permission rule allowing passing all traffic.

The Threat Prevention rule is very simple, scope ANY, OPTIMIZED profile, protections in DETECT, Blades A-BOT, IPS, Threat Emulation and AV enabled, log, Packet capture and forensics, I have generated not only traffic logs but also Threat logs through Check Me (both for network and endpoint) on a machine connected behind the GW and I have generated both traffic and Threat logs so that when I enabe the extension I can analyze them.

The problem I have is that it does not return anything, it does not give me any error in the different phases since I enabled the extension, but it tells me that I have 0 protections without HITS in DETECT for PREVENT, 0 protections with HITS in DETECT for PREVENT and It has recognized no application so it does not generate any profile for me, however the Threat Prevention and App logs are there.

I launch Tailored safe with admin, as super-user.

I have tried to deactivate Blades and reactivate them, put TE, IPS and A-BOT in Detect Only and launch it, put everything back in “according to policy”, reinstall the extension from the repository mentioned by SK, to check that the logs are there and grow,… ..

¿Do i have to enable Smart Event / Smart Event correlation or something else in the SMS?, based on the SK that describes the extension this is no needed.

Hey all,

as always - CheckMates community are getting the first updates 🙂

we have finished the version for Nessus scanner integration into the extension

https://secureupdates.checkpoint.com/appi/tailoredsafe_V2/extension.json

as you can see the link is different from the main version - we didnt integrated it yet due the fact we first want your inputs on it.

we welcome you to use this version and send us your inputs. 

FYI - most of the inputs from the community members has been addressed and:

• fixed specific cases for customers in a dedicated session  + deploy the fix to the main version
• use your inputs to change the methods we work + plan our next mile-stones of the project

KEEP SAFE!

Oren & TailoredSafe Team

Wait for another Vendor support (For example: Rapid7 ).

Hi All,

Does Tailoredsafe work on a CMA/DMS ? I've tried it on a couple of DMS that have SmartEvent enabled but I'm getting 0 0 0 no changes required.

Please let me know MDS is R80.30 JHF111 currently

thanks

Peter