Block attacking IP with malicious reputation identified by IPS

The automation blocks, across the organization, attackers that IP reputation services flag as malicious. It is triggered by attacks that IPS detects. The notification includes information on the attack and the attacker.

Supported Product

Check Point Security Management Server (Quantum)

Parameters

IP Block duration (if admin's approval is required)

Set the expiration period for the automation. This applies only if you have selected the Admin's approval is required for blocking attacking IP checkbox. After the expiration, Infinity Playblocks sends the notification for the Administrator's approval.

IP block duration (automatic prevention)

Set the expiration period for the automations that are executed automatically (without the Administrator's approval).

The default duration is 1 day.

Admin's approval is required for blocking attacking IP

Select the checkbox if you want to require the Administrator's approval to execute the automation. Check Point recommends that you leave the Admin's approval is required for blocking attacking IP checkbox unselected.

Trigger

Matching attacking IP with malicious reputation identified by IPS.

In this automation, the IPS log alone does not trigger the action: the automation also verifies that the attacking IP is flagged as malicious by IP reputation services.

To view the example of this log, click Run.
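
The two-condition trigger described above, modelled as an added Python example (not Check Point or Infinity Playblocks code): an action is produced only when the source IP of an IPS log also appears in a reputation set. The log field names (blade, src, attack), the sample data and the pending_approval outcome are assumptions made for illustration.

```python
# Added illustration; not Check Point code. Field names and data are constructed.
from dataclasses import dataclass
from datetime import datetime, timedelta
import ipaddress

DEFAULT_BLOCK_DURATION = timedelta(days=1)  # the page's default for automatic prevention

@dataclass(frozen=True)
class Action:
    ip: str
    kind: str          # "block" or "pending_approval" (hypothetical labels)
    expires: datetime  # now + the configured duration parameter

def evaluate(ips_logs, malicious_ips, now, approval_required=False,
             duration=DEFAULT_BLOCK_DURATION):
    """Return one action per attacker that satisfies BOTH trigger conditions."""
    actions, seen = [], set()
    for log in ips_logs:
        if log.get("blade") != "IPS":        # condition 1: an IPS detection
            continue
        try:
            ip = str(ipaddress.ip_address(log.get("src", "")))
        except ValueError:                   # malformed source: never act on it
            continue
        if ip not in malicious_ips:          # condition 2: malicious reputation
            continue
        if ip in seen:                       # one action per attacker
            continue
        seen.add(ip)
        kind = "pending_approval" if approval_required else "block"
        actions.append(Action(ip, kind, now + duration))
    return actions

# Constructed sample logs, using documentation address ranges.
SAMPLE_LOGS = [
    {"blade": "IPS", "src": "203.0.113.7", "attack": "constructed-sig-A"},
    {"blade": "IPS", "src": "198.51.100.20", "attack": "constructed-sig-B"},
    {"blade": "Firewall", "src": "203.0.113.99", "attack": ""},
    {"blade": "IPS", "src": "203.0.113.7", "attack": "constructed-sig-C"},
    {"blade": "IPS", "src": "not-an-ip", "attack": "constructed-sig-A"},
]
SAMPLE_REPUTATION = {"203.0.113.7", "203.0.113.99"}  # constructed reputation hits

if __name__ == "__main__":
    for action in evaluate(SAMPLE_LOGS, SAMPLE_REPUTATION, datetime(2024, 1, 1)):
        print(action)
```

Of the five sample logs only 203.0.113.7 yields an action: 198.51.100.20 has an IPS log but no malicious reputation, and 203.0.113.99 has the reputation but no IPS log.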

Flow