Notify on high rate of blocked connections
The automation sends a notification when a high number of connections from the same origin machine are either rejected or dropped. You can set a parameter to count connections by origin in the automation parameters. The notification includes the number of connections in the time duration.
Supported Product
Check Point Security Management Server (Quantum)
Note - Make sure that you have enabled Log Sharing in On-boarding the On-premises Check Point Security Gateway.
Parameters
| Parameter | Description |
|---|---|
| Number of dropped or rejected connections | Set the number of dropped or rejected connections after which the system notifies the Administrator. |
| In time duration | Set the time duration for the blocked connections. |
| Count for each origin individually? (‘no’ means count in total for any origin) | Select the checkbox if you want to count failures by each origin individually. |
| Open a ticket if high rate of blocked connections was identified | Select the checkbox if you want to open a ticket when a high rate of blocked connections is identified. |
Trigger
When the number of blocked connections matches the specified value in the automation parameters.
To view an example of this log, click Run.
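The following sketch shows how the three counting parameters interact. It is an added example, not Check Point's implementation. The log field names (`time`, `origin`, `action`), the sliding-window interpretation of the time duration, firing once the count reaches the threshold, and the sample log entries are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

BLOCKED_ACTIONS = {"drop", "reject"}  # assumed action values in the log

def find_high_block_rates(logs, threshold, window, per_origin=True):
    """Return one alert per counting key, raised the first time the number of
    blocked connections inside a sliding `window` reaches `threshold`.

    per_origin=True  counts each origin separately.
    per_origin=False counts in total for any origin (key "*").
    """
    recent = defaultdict(deque)  # key -> timestamps of blocked connections
    alerted = set()
    alerts = []
    for entry in sorted(logs, key=lambda e: e["time"]):
        if entry["action"].lower() not in BLOCKED_ACTIONS:
            continue  # accepted traffic does not count
        key = entry["origin"] if per_origin else "*"
        times = recent[key]
        times.append(entry["time"])
        # Discard events that have aged out of the time duration.
        while entry["time"] - times[0] > window:
            times.popleft()
        if len(times) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"origin": key, "count": len(times),
                           "first": times[0], "last": times[-1]})
    return alerts

# Constructed sample log entries (offsets in seconds from T0).
T0 = datetime(2024, 1, 1, 12, 0, 0)
SAMPLE_LOGS = [
    {"time": T0 + timedelta(seconds=s), "origin": o, "action": a}
    for s, o, a in [
        (0, "10.0.0.5", "drop"), (10, "10.0.0.5", "drop"),
        (20, "10.0.0.5", "reject"), (30, "10.0.0.5", "drop"),
        (40, "10.0.0.5", "drop"),
        (5, "10.0.0.9", "accept"), (15, "10.0.0.9", "drop"),
        (45, "10.0.0.9", "drop"),
        (0, "10.0.0.7", "drop"), (300, "10.0.0.7", "drop"),
        (600, "10.0.0.7", "drop"),
    ]
]

if __name__ == "__main__":
    for alert in find_high_block_rates(SAMPLE_LOGS, 5, timedelta(seconds=60)):
        print(f"{alert['origin']}: {alert['count']} blocked connections "
              f"between {alert['first']} and {alert['last']}")
```

With per-origin counting, slow or low-volume origins such as 10.0.0.7 and 10.0.0.9 stay below the threshold on their own, but they still contribute when counting in total for any origin.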
Flow