Block DDoS attack detected by DDoS Protector

The automation blocks attackers across the organization and is triggered by attacks that are detected by DDoS Protector. The notification includes information on the attack and the attacker. More parameters can be set using the automation parameters such as the block duration, whether the block is automatic or upon administrator' approval, and so on.

Supported Product

Check Point Security Management Server (Quantum)
Check Point Quantum DDoS Protector

Parameters

IP block duration

Select the expiration period for the blocked IPs.

The default duration is 1 day.

Admin's approval is required for blocking DDoS attackers

Select the checkbox if you want administrator's approval to execute the automation.

Best Practice - Check Point recommends that you leave Admin’s approval is required for blocking DDoS attackers checkbox unselected.

Trigger

Attack identified by Quantum DDoS Protector.

To view the example of this log, click Run.

Block DDoS attack detected by DDoS Protector

Supported Product

Parameters

Trigger

Flow