I have the following queries regarding some of the limitations of Check Point. Please clarify if you are aware of the solutions:
- Is it possible to block the DNS request for a particular malicious domain instead of blocking the entire external DNS communication? The rule should be source: internal DNS server, destination: external DNS server, domain: malicious domain, service: udp/53, action: block.
- I was trying to integrate the SandBlast logs into the local log server. Once integrated, the local firewall daemon crashes continuously. What we need is only the logs/alerts related to malicious attachments/URLs instead of all the benign verdict logs. I don't see any such configuration feature in the SandBlast portal.
- We are developing our own portal, so we are using the log exporter tool to export all the logs from the log server. We also want to export gateway health/traffic statistics to our portal. Is there any API functionality available for the same?