clear_ip_bgp
Explorer

Export Source/DST/Service of a specific Rule [Other Way]

Objective: To create a more specific rule

I have a rule in a rulebase that accepts all traffic from a S:Any D:RFC 1918 Service:Any (Not Actual). In order for us to extract source/destination/services that hit the rule, we use the SmartView logs and create rules based on the exported data.

Is there another way of accomplishing the objective? I looked into connStat, but it only shows the active connections, so it's not as accurate as the logs, because logs can be filtered up to 30 days. I would like to remove this Any Any rule and replace it with a Drop, but first need to get all legitimate services that should be allowed.

Thanks

0 Kudos
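The export-and-summarize workflow described in the post above, as an added example that is not part of the original thread and is not Check Point code: it groups accepted hits to RFC 1918 destinations by destination and service so each group can be reviewed as a candidate specific rule. The CSV column names (`src`, `dst`, `service`, `action`) and the sample rows are assumptions and will need mapping to the fields of the actual log export.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample export. Column names are assumptions, not a vendor schema.
SAMPLE_CSV = """src,dst,service,action
10.1.1.5,10.2.0.10,tcp/443,Accept
10.1.1.6,10.2.0.10,tcp/443,Accept
10.1.1.5,10.2.0.10,tcp/443,Accept
192.168.5.20,172.16.4.8,udp/53,Accept
10.1.1.5,8.8.8.8,udp/53,Accept
10.9.9.9,10.2.0.10,tcp/23,Drop
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    """True if addr falls inside one of the three RFC 1918 private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def candidate_rules(csv_text):
    """Group accepted hits to RFC 1918 destinations by (dst, service).

    Returns (dst, service, sorted_sources, hit_count) tuples, busiest first.
    """
    flows = defaultdict(lambda: {"sources": set(), "hits": 0})
    for row in csv.DictReader(io.StringIO(csv_text)):
        # Only traffic the broad rule actually accepted is relevant here.
        if row["action"] != "Accept" or not is_rfc1918(row["dst"]):
            continue
        entry = flows[(row["dst"], row["service"])]
        entry["sources"].add(row["src"])
        entry["hits"] += 1
    return sorted(
        ((dst, svc, sorted(e["sources"]), e["hits"])
         for (dst, svc), e in flows.items()),
        key=lambda r: -r[3],
    )


if __name__ == "__main__":
    for dst, svc, sources, hits in candidate_rules(SAMPLE_CSV):
        print(f"{hits:>4} hits  src={','.join(sources)}  dst={dst}  service={svc}")
```

A flow appearing in the output only shows that it was accepted during the log window; each group still needs an owner to confirm it before it becomes an allow rule.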
1 Reply
Chris_Atkinson
Employee

There is a service offered by our professional services team that does similar through extensive log analysis.

With that said, how do you know the traffic is "legitimate" to allow it?

0 Kudos