Revision History
This topic lists chronological updates made to the content, including new features, enhancements, and documentation improvements. It provides a historical overview of changes across Events & AIOps capabilities.
Introduction to Events & AIOps
Check Point Events & AIOps (formerly Infinity Events) is a centralized platform that provides a unified, intuitive interface for viewing and managing security events across a broad range of Check Point products. It streamlines event monitoring and investigation by presenting consolidated log data and standardized terminology, regardless of the product generating the event.
Supported Products
Lists the Check Point products supported by Events & AIOps.
Key Use Cases
This topic outlines monitoring, attribution, reporting, and ingestion capabilities supported by Events & AIOps.
Getting Started
This topic provides the initial steps required to begin working with the system. It guides users through basic setup and access procedures.
Creating an Account in the Check Point Portal
This topic describes the purpose of the Check Point Portal and provides guidance on creating an account. It summarizes the capabilities available through the portal interface.
Accessing the Events & AIOps Administrator Portal
This task describes how to access the Events & AIOps Administrator Portal. It guides users through portal login and initial setup steps.
Licensing the Product or Start a Trial
This topic explains licensing requirements for using the product and provides references for entitlement and log sharing information.
Specific Service Roles
This topic describes the specific service roles supported and how to access them in the system interface.
Overview
The Overview page summarizes security events for the Check Point products you are subscribed to in the Check Point Portal.
Security Events
This topic describes the Security events widget and the information it displays.
Assets
This topic describes the Assets widget and the information it displays in the dashboard.
Total Attacks Count
This topic describes the Total attacks count widget and its function in displaying detected and prevented attacks.
Events Breakdown
This topic describes the Events breakdown widget and its display of event counts per product.
Security Events Per Service
This topic describes the Security events per service widget and explains the information it displays.
Threat Prevention Attacks
This topic describes the Threat prevention attacks widget and its displayed event information.
Access - Top Applications
This topic describes the Top Applications widget, which displays data consumption by users and applications.
Overview Dashboard for MSPs
This topic describes the MSP-specific widgets and options available in the Overview dashboard.
Logs
The Logs page provides a unified interface to view security events of products supported by Events & AIOps.
Viewing MSP Child Account Events
This topic explains how to view events for specific MSP child accounts.
Statistics
This topic describes the Statistics pane and the options available for viewing and filtering event data.
Logs Table
This topic describes the fields available in the Logs table. It provides details about default and additional event fields.
Managing the Logs Table
This topic describes how to view log details and manage columns in the Logs table. It provides steps for adding, removing, and sorting table columns.
Viewing Logs for a Time Period
This topic describes how to view log data for a specified time period in the Logs table.
Searching for Events
This task describes how to search for events using free text or filters.
Adding a Search Query to Favorites
This task describes how to add a search query to the Favorites list. It also explains how to view saved favorite queries.
Exporting Logs
This task describes how to export events from the Logs table to CSV or JSON formats.
Card
This topic describes the Card pane, which displays event details for a selected item in the Logs Table.
API Support-Events & AIOps
This topic explains how to access the Events & AIOps API using the Check Point API Reference.
Log Ingestion
This topic describes the Log Ingestion page and the information it displays. It summarizes how log volume is presented for supported products.
View the Log Ingestion page
This task describes how to access the Log Ingestion page and view ingestion data. It also explains how to view data for a specific product.
Export the log ingestion details
This task explains how to export the log ingestion details from the system. It guides you through generating a PDF export.
Average Monthly Ingestion
This topic describes the Average Monthly Ingestion widget and how it displays log volume data in Infinity Cloud Events. It also explains how to view monthly ingestion details.
Daily Log Ingestion
This topic describes how to view daily log ingestion information in Infinity Cloud Events. It explains how to examine logs for specific days, products, months, and custom time periods.
Reports
This topic describes the Reports page and the available report types. It also explains how to access the Reports page in the portal.
Generating Reports On Demand
This topic explains how to generate and download the Security Report Summary on demand from the Reports section. It provides step-by-step instructions for immediate or later download.
Sending Reports
This topic explains how to send a report to selected users. It guides you through choosing the report, configuring parameters, and sending it.
Scheduled Reports
This topic describes the Scheduled Reports section and the items shown in the Scheduled Reports table. It explains the properties and configuration details available for scheduled reports.
Adding a Scheduled Report
This task explains how to add a scheduled report by configuring report type, schedule, recipients, and recurrence. It guides administrators through each step required to generate and deliver scheduled reports.
Managing Scheduled Reports
This topic describes how to edit, search for, and delete scheduled reports. It provides step-by-step instructions for managing report schedules.
Reports for MSPs
This topic describes how MSPs can generate and schedule reports for their child accounts. It provides an overview of report types and access instructions.
Generating Reports On Demand
This task describes how to generate and download the Security Report Summary on demand. It includes selecting report parameters and accessing generated reports.
Sending Reports
This task describes how to send a report to selected users or accounts. It outlines the steps to configure report parameters and recipients.
Scheduled Reports
This topic describes the Scheduled Reports section and its function for generating and emailing summary reports. It provides an overview of what the Scheduled Reports table displays.
Scheduled Report Settings
This topic describes configuration items for scheduled reports. It provides details for each field used when defining recurring report delivery.
Adding a Scheduled Report
This task explains how to add a scheduled report and configure its settings. It guides administrators through report type selection, recipients, recurrence, and saving the configuration.
Managing Scheduled Reports
This topic describes how to edit, search for, and delete scheduled reports. It provides the required steps for managing scheduled report settings.
AIOps - Introduction
This topic introduces AIOps, which provides monitoring, dashboards, and alert visibility for Check Point assets. It summarizes key benefits and common use cases.
Onboarding AIOps (Automatic Mode)
This topic describes how to onboard and monitor assets automatically by connecting the Security Management Server to an Infinity Portal account.
Prerequisites
This topic lists the required prerequisites before beginning the related procedure. Ensure that all steps are completed to avoid configuration issues.
Supported Asset Versions
This topic lists the asset versions supported for onboarding IAIOps. It includes supported versions, topologies, and related notes.
Connectivity Requirements
This topic lists required outbound connections, static IPs, and portal URLs needed for data transmission to the Infinity AIOps environment. It provides region-based connectivity details for proper configuration.
Onboarding Procedure
This procedure describes how to onboard Infinity AIOps in automatic mode. It guides users through SmartConsole and portal steps to complete the onboarding process.
Disable the connection between gateways and Infinity Portal
This task describes how to disable the connection between the gateways and the Infinity Portal. Follow the steps to turn off the Gateways Connector integration.
Known Limitations
This topic describes known limitations and provides a link to additional details. It directs users to the relevant SecureKnowledge article.
AIOps - Overview
This topic describes the Overview page in AIOps and explains how to access and interpret its displayed asset information.
Health of Gateways and Servers
This topic describes the Health of Gateways & Servers widget and the information it displays. It summarizes visual indicators and status data for connected assets.
Top 5 Assets
This topic describes the Top 5 assets widget and the categories it monitors to help reduce resource utilization. It summarizes key asset utilization metrics displayed in the interface.
Health Over Time
This topic describes the Health over time widget and how it displays asset health status over a selected time period.
Asset Dashboard
This topic describes the Asset Dashboard and explains how to view asset information across multiple categories. It also provides steps to access and use the dashboard.
System
This topic describes the system monitoring widgets available in the interface. It summarizes the information displayed by each widget.
Network
This topic describes the network-related monitoring widgets available in the interface and their displayed metrics. It summarizes concurrent connections, throughput, drops, and connection rate information.
Interfaces
This topic describes interface-related widgets and provides details for tables showing interface properties and traffic metrics.
VPN
This topic describes VPN monitoring widgets and timelines available for supported asset types. It provides an overview of VPN throughput, probe status, and tunnel status visualization.
Hardware
This topic describes hardware sensor monitoring widgets and their displayed data. It includes temperature, voltage, and fan sensor information.
CloudGuard
This topic describes the CloudGuard tab and its associated widgets, including CME, Controller, Scale Events, and License Utilization. It explains the information each widget displays for monitoring cloud management components.
Alerts
This topic describes the Alerts page and the information shown for monitored assets. It also explains filtering and search options for alerts.
Integration with Playblocks
This topic describes how Infinity AIOps integrates automatically with PlayBlocks when connected through the Infinity Portal. It also explains notification behavior and configuration options.
Insights
This topic describes Insights, which identify anomalies and provide recommendations to improve system performance and uptime.
Insights Over Time
This topic describes the Insights Over Time widget. It explains how it displays the number of insights generated over a selected time period.
Insights Table
This topic describes the fields shown in the Insights table and explains actions available for interacting with insights.
Gateways & Servers
This topic describes the Gateways & Servers page and how to access it in the administration portal. It provides an overview of the monitored gateways and servers display.
Adding an Asset
This task explains how to add an asset to the system and begin monitoring it. Follow the steps to select and enable monitoring for unmonitored assets.
Removing an Asset
This task describes how to remove an asset from the system and stop its monitoring. It explains the required actions and the resulting behavior after removal.
Reactivating an Asset
This topic explains how to reactivate a monitored asset. It provides a reference link for additional guidance.
Threat Prevention
This topic describes the Threat Prevention dashboards that display statistics of threat prevention events across subscribed products. It outlines the dashboard categories and the products currently supported.
Web Security
This topic describes the Web Security dashboard and explains how to access it. It summarizes the available product data and the time‑filtering options.
Web Security - General
This topic describes the General widget for Web Security events and how to view related logs. It provides visual examples of event summaries and categories.
Attacks Timeline
This topic describes the Attacks timeline widget and its visualization of threat prevention events. It provides an overview of how trends are displayed for a selected time period.
Top Blocked Resources
This topic describes the Top blocked resources widget and its display of the most frequently blocked web resources. It also explains how to view detailed event information.
Top Attacked Assets
This topic describes the Top attacked assets widget, which shows the top assets based on threat prevention events. It explains each item displayed in the widget.
Web Security - ThreatCloud AI Global Insights
This topic describes the global insights related to web security provided by the ThreatCloud AI. It summarizes key types of information displayed in the global insights widget.
File Security
This topic provides an overview of the File Security dashboard and its displayed threat prevention events. It summarizes the supported products and available data views.
View the File Security dashboard
This task describes how to access and view the File Security dashboard. It explains the navigation path and available time‑range filters.
File Security - General
This topic describes the General widget for File Security threat prevention events. It explains the displayed information and how to view associated logs.
Threat Emulation
This topic describes the Threat Emulation widget and its displayed information. It explains how to view threat prevention event logs.
Top Malicious File Types
This topic describes the Top malicious file types widget and how to view related threat prevention logs. It explains how the widget displays file type statistics and how users can interact with it.
Attacks Severity
This topic describes the Attacks severity widget and how to view logs for each severity level. It explains how severity distribution is presented in the widget.
Attacks Timeline
This topic describes the Attacks Timeline widget and shows how it presents trends of threat prevention events over a selected period.
Top Malware Families
This topic describes the Top malware families widget and how to view logs for specific malware families. It helps users understand displayed threat prevention data.
Top Malicious Files
This topic describes the Top malicious files widget and its table fields used to view details about malicious file events.
File Security - ThreatCloud AI Global Insights
This topic describes the global insights displayed for file security using the ThreatCloud AI. It summarizes the statistics and threat information provided by the insights widget.
Threat Prevention Report
This topic describes the Threat Prevention Summary report and the products it covers. It provides an overview of supported product information and where to generate the report.
Appendix A - AIOps Alerts
The following table lists alerts generated by AIOps and describes what each alert indicates.
Appendix B - AIOps Metrics Repository
The following table lists all metrics that AIOps receives from servers.