Block common scanner identified by IPS
The automation blocks scanners across the organization and is triggered by scans that are detected by IPS blade with very high confidence. The notification includes information on the scan and the scanner.
Supported Product
Check Point Security Management Server (Quantum)
Parameters
|
IP Block duration (if admin's approval is required) |
Set the expiration period for the automation. This applies only if you have selected the Admin's approval is required for blocking scanning IP checkbox. After the expiration, Infinity Playblocks sends the notification for the Administrator's approval. |
|
IP block duration (automatic prevention) |
Set the expiration period for the automations that are executed automatically (without the Administrator's approval). The default duration is 1 day. |
|
Admin's approval is required for blocking scanning IP |
Select the checkbox if you want Administrator's approval to execute the automation. Check Point recommends that you leave Admin's approval is required for blocking scanning IP checkbox unselected. |
Trigger
Matching common scanner identified by IPS.
To view the example of this log, click Run.
Flow
