Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Tetsu
Explorer

The meaning of null in action field for SmartDefense

Hi.  now I need to design security rules in  SIEM for checkpoint SmartDefense(IPS)

In order to do so,    i need to know why some SmartDefense log does not have type of action such as accept in it.

based on action, i 'd like to catch events to create an alert in SIEM.

 

 

0 Kudos
6 Replies
Timothy_Hall
Champion
Champion

I think these are related to alerts that notify concerning some kind of event, but do not directly block traffic.  Can you please provide a properly-redacted screenshot of an example?

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
Tetsu
Explorer

Hi, thank you for the reply.

The log now I see in SIEM is really close to " 3.CheckPoint" in a post.

 

0 Kudos
PhoneBoy
Admin
Admin

What Tim is asking for is a screenshot of the redacted log entry from SmartView/SmartConsole.
0 Kudos
Tetsu
Explorer

Hi,  Thank you for the reply.

Unfortunately,  I can not provide with it, because it includes my customer information.

This is why I just showed a sample in  a post.

0 Kudos
Timothy_Hall
Champion
Champion

"Close" is not good enough and will just lead to fruitless speculation.  Please blur out or redact any sensitive data and post a screenshot of what you are seeing.

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
PhoneBoy
Admin
Admin

This is why we suggested redacting the sensitive information in the screenshot before posting it.
If you don't wish to post it, I recommend opening a case with the TAC.
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events