Block attacking IP with malicious reputation identified by WAF Application Security

This topic describes the automation that blocks attacking IP addresses identified with malicious reputation and outlines supported products, parameters, trigger details, and flow.

Supported Products

  • WAF Application Security

  • Check Point Security Management Server (Quantum)

Parameters

IP block duration (if admin's approval is required)

Set the expiration period for the automation. This applies only if you have selected the Admin's approval is required for blocking attacking IP checkbox. After the expiration, Playblocks sends the notification for the administrator's approval.

IP block duration (automatic prevention)

Set the expiration period for the automations that are executed automatically (without the administrator's approval). The default duration is 1 day.

Admin's approval is required for blocking attacking IP

Select the checkbox if you want administrator's approval to execute the automation. Check Point recommends that you leave Admin's approval is required for blocking attacking IP checkbox unselected.

Trigger

Matching attacking IP with malicious reputation identified by WAF Application Security.

To view the example of this log, click Run.

Flow