Anti-Bot and Anti-Virus in SmartEvent

Event Analysis in SmartEvent or SmartEvent Intro

SmartEvent and SmartEvent Intro supply advanced analysis tools with filtering, charts, reporting, statistics, and more, of all events that travel through enabled Security Gateways.

You can filter the Anti-Bot and Anti-Virus information for fast monitoring and useful reporting on connection incidents related to them.

  • Real-time and historical graphs and reports of Anti-Bot and Anti-Virus incidents.
  • Graphical incident timelines for fast data retrieval.
  • Easily configured custom views to quickly view specified queries.
  • Incident management workflow.
  • Reports to data owners on a scheduled basis.

SmartEvent shows information for all Software Blades in the environment. SmartEvent Intro shows information for one SmartEvent Intro mode. If you select Anti-Bot and Anti-Virus as the SmartEvent Intro Mode, it shows the Anti-Bot and Anti-Virus information.

To use SmartEvent or SmartEvent Intro, you must enable it on the Security Management Server or on a dedicated machine. See either:

Viewing Information in SmartEvent

To open SmartEvent do one of these:

  • Click Start > Check Point > SmartEvent.
  • From the Anti-Bot and Anti-Virus tab > Navigation Tree > Analyze & Report link.
  • From the Anti-Bot and Anti-Virus tab > Overview > Statistics > Graphs link.
  • From the SmartDashboard toolbar of any SmartConsole application, select Window > SmartEvent or press Control+Shift+A.

When SmartEvent opens, go to Events > Predefined > Anti-Bot and Anti-Virus to use the predefined queries for Anti-Bot and Anti-Virus.

  • All Events - Shows all Anti-Bot and Anti-Virus events grouped by source, includes all prevented and detected events.
  • By Protection Name - Shows all Anti-Bot and Anti-Virus events grouped by protection name.
  • By Protection Type - Shows all Anti-Bot and Anti-Virus events grouped by protection name.
  • By Activity - Shows all Anti-Bot and Anti-Virus events grouped by malware activity.
  • More > Anti-Bot - Shows all Anti-Bot events.
  • More > Anti-Virus - Shows all Anti-Virus events.
  • More > Blocked Incidents - Shows all Anti-Bot and Anti-Virus blocked incidents.

Updating the Anti-Bot and Anti-Virus Rule Base

In some cases, after evaluating an event, it may be necessary to update a rule or rule exception in the SmartDashboard Rule Base. You can do this directly from within SmartEvent.

To update a rule in the Anti-Bot and Anti-Virus Rule Base:

  1. Right-click the event or, from within the event details, select the Anti-Virus or Anti-Bot menu.
  2. Select Go to Rule.

    SmartDashboard opens showing the related rule in the Anti-Bot and Anti-Virus Rule Base.

  3. Make related changes.
  4. Click Install Policy to install the dedicated Anti-Bot and Anti-Virus policy.

To update a rule exception in the Anti-Bot and Anti-Virus Rule Base:

  1. Right-click the event or from within the event details, select the Anti-Virus or Anti-Bot menu.
  2. Select Add Exception to the Rule.

    SmartDashboard opens and shows an Add Exception window in the Anti-Bot and Anti-Virus Rule Base. These details are shown:

    • Protection - The name of the protection. Details are taken from the ThreatCloud repository or, if there is no connectivity, from the log.
    • Scope - The scope is taken from the log. If there is no related host object, an object is created automatically after you click OK. Click the plus sign to add additional objects.
    • Install On - Shows All by default. You can use the plus sign to add gateways.
  3. Select an Exception Scope option:
    • Apply Exception to rule number X - If you want the exception to apply only to the related rule.
    • Apply Exception to all rules - If you want the exception to apply to all rules. The exception is added to the Exception Groups > Global Exceptions pane.
  4. Click OK.

    The exception is added to the Rule Base. The Action is set to Detect by default. Change if necessary.

  5. Click Install Policy to install the dedicated Anti-Bot and Anti-Virus policy.

Accessing the Threat Wiki

You can open the Threat Wiki from within SmartEvent to get more information about a specified protection.

To open the Threat Wiki do one of these:

  • Right-click an event and select Go to Threat Wiki.
  • Click the malware protection link in the event log.
  • Select Go to Threat Wiki from the Anti-Virus or Anti-Bot tab in the event log.

Anti-Bot and Anti-Virus Reports

Daily, weekly, and monthly reports of the events recorded by SmartEvent are configured and stored on the Reports tab. These reports show a high-level summary of the event patterns occurring on your network.

Upon creation, reports can be automatically emailed to predefined addresses, eliminating the need to open SmartEvent to learn of the system's status. You can also choose to save them as PDFs or view them in a browser.

Viewing Information in SmartEvent Intro

To open SmartEvent Intro:

  1. From the SmartDashboard toolbar, select Window > SmartEvent Intro or press Control+Shift+E.
  2. Select Anti-Bot and Anti-Virus.

All of the information in SmartEvent Intro is based on Anti-Bot and Anti-Virus events. See the different tabs for detailed information.

The SmartEvent Intro Overview Page

The Overview page shows a quick, understandable overview of the Anti-Bot and Anti-Virus traffic in your environment. Double-click data in any section of the Overview tab to open the associated list of events and investigate issues down to the individual event level.

The Overview page includes these panes:

  • Timeline View
  • Anti-Bot & Anti-Virus
  • Top Source/Destination Countries of Anti-Bot & Anti-Virus
  • Top Malwares by Event Count
  • Top Malicious Activities by Event Count
  • Status

Anti-Bot and Anti-Virus Event Queries

See detailed event queries in the Events tab.

  • All Events - Shows all Anti-Bot and Anti-Virus events grouped by source, includes all prevented and detected events.
  • By Protection Name - Shows all Anti-Bot and Anti-Virus events grouped by protection name.
  • By Protection Type - Shows all Anti-Bot and Anti-Virus events grouped by protection name.
  • By Activity - Shows all Anti-Bot and Anti-Virus events grouped by malware activity.
  • More > Anti-Bot - Shows all Anti-Bot events.
  • More > Anti-Virus - Shows all Anti-Virus events.
  • More > Blocked Incidents - Shows all Anti-Bot and Anti-Virus blocked incidents.

See the R76 SmartEvent Intro Administration Guide.

 
©2013 Check Point Software Technologies Ltd. All rights reserved.