Block attackers upon IPS detection of popular attacks

The automation blocks attackers across the organization and is triggered by popular attacks that IPS detects. The notification includes information on the attack and the attacker. The automation parameters control additional settings, such as the block duration, whether the block is automatic or requires the administrator's approval, and more.

Supported Product

Check Point Security Management Server (Quantum)

Parameters

IP Block duration (if admin's approval is required)

Set the expiration period for the automation. This applies only if you have selected the Admin's approval is required for blocking attacking IP checkbox. After the expiration, Infinity Playblocks sends the notification for the Administrator's approval.

IP block duration (automatic prevention)

Set the expiration period for the automations that are executed automatically (without the Administrator's approval).

The default duration is 1 day.

Admin's approval is required for blocking attacking IP

Select the checkbox if you want to require the Administrator's approval to execute the automation. Check Point recommends that you leave the Admin's approval is required for blocking attacking IP checkbox unselected.

Trigger

A matching attacking IP address identified by the IPS blade with high confidence.

To view an example of this log, click Run.

Flow