Predefined Reports
This appendix describes the predefined reports available under each subject and specifies the report ID required for command line generation.
Anti-Virus & Anti-Malware Blade Reports
Standard Reports
Content Inspection Reports
Standard Reports
Express Reports
- Anti-Spam Activity — This report provides an overview of Anti-Spam activity. It includes data regarding:
- Spam emails that were identified and handled
- Spam emails categorized by date
- Spam emails categorized by hour of the day
Report ID — {B5994073-C220-4CA7-9532-BD453304E67E}
- Anti-Virus — This report provides an overview of the items scanned by Anti-Virus and handled by the Security Gateway. It provides data about items that were accepted or blocked, projected by Security Gateways, method of enforcement (infection, file type or configured limits) and dates.
Report ID — {85396AED-6554-4DB9-BBE3-28285E328424}
- URL Filtering Activity — This report provides an overview of Web (URL) filtering handled by the Security Gateways. It provides data about URLs that were accepted or blocked, projected by Security Gateways, method of enforcement (categorization or custom lists) and dates.
Report ID — {3243E4CB-DAA5-4A08-A9D3-72EEC6C3200E}
Cross Blade Network Activity Reports
Standard Reports
- Approved Traffic — This report presents data about traffic that was accepted. This report can be used to see network activity to determine effective usage of your resources. Specific sections include information regarding:
- overall traffic characteristics as well as a breakdown by hour and by date
- the top network users
- top services used
- top sources and top destinations of network traffic
Report ID — {0C20043C-B8C1-4A20-9CD8-C2FAE589E877}
- List of all Approved Traffic — This report presents the details of all connections. It can be used for specific security or network behavior inspection. Use this report to collect specific data by filtering only the data you wish to view. This report can generate large amounts of data; select filters and time frames judiciously to create a useful result.
Report ID — {D7CD8E72-6978-48DB-897A-365ED6B42482}
- User Activity — This report presents the user activity as it was logged by the Security Gateway. It includes information about network activity that users performed through the Security Gateway.
Report ID — {D7CD8E72-6978-48DB-897A-365ED6B42482}
- Web Traffic — This report presents data about the web traffic through Security Gateways and Mobile Access. Specific sections include:
- Total web traffic load
- Top sites visited
- Top web users
- Distribution of web traffic by direction
- Web Traffic by hour and by date
Filtering data by user can refine the results about individual activity.
Report ID — {89A57E29-5F58-4E6E-B377-40702631A3A0}
Cross Blade Security Reports
Standard Reports
- Blocked Traffic — This report presents data regarding events that were blocked. It can be used to determine:
- The volume of events that were blocked
- The top sources of blocked events, their destinations and services
Report ID — {C6F9ED20-E130-40BC-B67C-C37E3BFDD31D}
- Login Activity — This report presents login activity associated with Endpoint Security VPN, SSL Network Extender and Mobile Access.
Report ID — {BCE31986-4FD9-4E67-8F1A-69D28E2F9A7F}
- Login Failures — This report presents all login failures that were reported by the Security Gateway.
Report ID — {18912ED2-E6E6-448D-9F5A-FD357AC4AE42}
Endpoint Security Blade Reports
Standard Reports
- Anti-Malware — This report shows Malware detected on endpoint computers by the Anti-Malware feature. Use this report to identify Malware and the users affected by Malware. You can extend the data to include all results, instead of just the top, by increasing the number of results in the Table Properties for each Table.
Report ID — {8D555251-0525-4FE4-BDF2-84087B97E024}
- Blocked Programs — This report shows programs blocked on endpoint computers by your security policies. Use this report to see what programs are being used that are malicious or violate corporate policy and to identify the users that initiate these programs. You can extend the data to include all results, instead of just the top, by increasing the number of results in the Table Properties for each Table.
Report ID — {65E33008-1764-44B0-A5B3-B0449034D3ED}
- Compliance — This report shows compliance events at the endpoint detected by the compliance enforcement rules. Use this report to see which endpoints and users are out of compliance with your security policies and to identify frequently violated enforcement rules. You can extend the data to include all results, instead of just the top, by increasing the number of results in the Table Properties for each Table.
Report ID — {DCC0DC4D-D8CC-4654-A5EA-4288A24137FB}
- Endpoint Errors — This report shows errors detected with the Endpoint Security client. It identifies errors such as the inability to upload logs, download a policy, or errors in the policy file. Use this report to identify endpoints to investigate for errors or endpoints that may not have the latest policies. You can extend the data to include all results, instead of just the top, by increasing the number of results in the Table Properties for each Table.
Report ID — {2C9BA414-30CA-4C24-B9F0-870B4D3FF7D4}
- Firewall Events — This report shows Firewall events that occurred on endpoint computers. Use this report to monitor traffic, check the effectiveness of Firewall rules, locate abnormally behaving endpoints, and identify suspicious sources and destinations. You can extend the data to include all results, instead of just the top, by increasing the number of results in the Table Properties for each Table.
Report ID — {99DB6667-F1BC-43AD-B75A-7A7489148ABB}
- Summary — This report presents a summary of security activity on endpoint computers. Use this report to see trends in the security of endpoints and the effectiveness of the security policies.
Report ID — {EBBD4849-5482-47AD-A1DF-005D012E646F}
Event Management Reports
- Detailed Events — This report presents the events detected by SmartEvent. It includes the distribution of events by severity, date and time, source, destination, service and product.
This report can be used to determine which SmartEvent events are most common and discover various event trends such as the top sources and destinations of the events.
Report ID — {CB08FAF2-2EF1-4FA2-8D46-5BF78857C348}
- List of all Events — This report presents the events detected by SmartEvent in a format similar to the SmartEvent client. This report is commonly used in conjunction with filters to present customized event lists.
Report ID — {630DBB0B-459A-4650-8957-16BB8EC24EE1}
- Detailed DLP Incidents — This report presents the events detected by SmartEvent Software Blade. It distributes events by severity, date and time, source, destination, service and product. You can use this report to determine which detected events are most common and to understand event trends, such as the top sources and destinations of the events.
Report ID — {71B8D439-FAE8-4FCF-BC88-AA2C3C75EF04}
- Applications Activity — This report presents applications detected by the SmartEvent Software Blade. The report presents applications by: application name, category, number of sessions, traffic volume (in bytes), and first detection time.
Report ID — {1DD02E0E-10B1-4A07-9027-7B64EA261BDD}
Firewall Blade - Security Reports
Standard Reports
- Alerts — This report presents the alerts issued by the Security Gateway. It includes the entire list of alerts issued, as well as the distribution of alerts by source, destination, and service.
Report ID — {475AD894-2AC0-11D6-A330-0002B3321334}
- Blocked Connections — This report presents data regarding connections that were blocked by the Security Gateway.
It can be used to determine:
- the volume of connections that were blocked
- the top sources of blocked connections, their destinations and services
Report ID — {475AD891-2AC0-11D6-A330-0002B3321334}
- Gateway Traffic — This report provides an overview of the network activity that the Security Gateway handled. It includes distribution of traffic by Firewall action and data about traffic that was originated from or destined to the Security Gateway itself.
Report ID - {0A4E3BC7-55C0-11d6-A342-0002B3321334}
- Policy Installations — This report presents policy installation data for a specific Security Gateway. It includes data regarding the number of policy install and uninstall procedures. The report is designed to produce results for a single Security Gateway. Using this report for multiple Security Gateways may produce misleading results.
Report ID — {475AD88F-2AC0-11D6-A330-0002B3321334}
- Rule Base Analysis — This report presents an analysis of the Security Gateway rule base for a specific Security Gateway.
The report can be used to determine which rules are used the most, which rules are used infrequently and which rules are never used. It can also be used to determine which rules are matched by service, source, and destination.
Rules are presented by their location in the policy at the time of report generation, while their usage data is gathered by their unique ID where possible. If no unique ID data is available, the rules are marked with an asterisk.
Report ID — {475AD88E-2AC0-11D6-A330-0002B3321334}
Firewall Blade - Activity Reports
Standard Reports
- FTP Activity — This report presents data about FTP traffic through the Security Gateway. It can be used to determine:
- Total FTP traffic
- FTP traffic by hour and by date
- Top uploaded/downloaded files
- Top uploaded/downloaded file types
Report ID — {7B12F482-5DF0-11D6-A343-0002B3321334}
- List of all Connections - This report presents the details of all connections. It can be used for specific security or network behavior inspection. Use this report to collect specific data by filtering only the data you wish to view.
Note - This report can generate large amounts of data. Select filters and time frames judiciously to create a useful result.
Report ID — {9CBEE3F3-DA22-46A8-B13B-3BF4D5E1D2EA}
- Network Activity — This report presents data about traffic accepted by the Security Gateway. This report can be used to view network activity in order to determine effective usage of resources.
Specific sections include information regarding:
- overall traffic characteristics as well as a breakdown by hour and by date
- the top network users
- top services used
- top sources and top destinations of network traffic
Report ID — {0A4E3BB9-55C0-11D6-A342-0002B3321334}
- POP3/IMAP Activity — This report presents data about POP3/IMAP traffic through the Security Gateway. It includes data about total POP3/IMAP traffic load and distribution of traffic by direction.
Report ID — {70D7A36F-B3E1-45B7-BDC9-165E35653538}
- SMTP Activity — This report presents data about SMTP mail traffic through the Security Gateway. It can be used to determine total mail traffic load as well as top mail senders and top mail recipients.
Report ID — {7B12F483-5DF0-11D6-A343-0002B3321334}
- User Activity - This report presents the user activity as it was logged by the Security Gateway. It includes information about network activity that users performed through the Security Gateway.
Report ID — {D7CD8E72-6978-48DB-897A-365ED6B42482}
- Web Activity — This report presents data about the web traffic through the Security Gateway.
Specific sections include:
- The total web traffic load
- Top sites visited
- Top web users
- Distribution of web traffic by direction.
- Web Traffic by hour and by date
Filtering data by user can refine the results about individual activity.
Report ID — {7B12F481-5DF0-11D6-A343-0002B3321334}
Firewall Network Activity
Express Reports
- FTP Activity — This report provides an overview about FTP security server activity. It includes data about:
- Accepted and rejected FTP sessions
- Average concurrent FTP sessions
- FTP sessions over time
Report ID — {C0D0C34B-F35D-4482-9CF8-631B7ACEEE57}
- Network Activity — This report provides an overview of the network activity that the Security Gateway handled. It includes data about top traffic sources, top destinations and top services in terms of bytes/sec or concurrent connections, as well as the top rules by date.
Report ID — {DB3CBF73-DC1C-4E0C-8D04-8000EA64FF5F}
- Selected Services Activity — This report provides an overview about selected services:
- FTP
- HTTP
- HTTPS
- SMTP
- TELNET
- POP3/IMAP
It includes data about traffic bytes, byte rate and the number of concurrent connections for these services.
Report ID — {3D7854AB-6118-437F-87A3-71BD392E7DF3}
- SMTP Activity — This report provides an overview of the SMTP security server activity. It includes data about the number of SMTP emails handled and the number of SMTP connections.
Report ID — {9BE87F3D-AADC-425D-B59E-E4B221564FAD}
InterSpect Reports
Standard Reports
Express Reports
- InterSpect Activity — This report provides an overview of the network activity that InterSpect handled. It includes data about total traffic connections and total numbers of accepted and denied packets.
Report ID — {2CFA72AF-47D1-4374-B542-9FE7181813F6}
- InterSpect Network Activity — This report provides an overview of the network activity that InterSpect handled. It includes data about traffic sources, destinations and services.
Report ID — {B483F96A-E911-4F45-940C-A3F5E0AAD2FA}
- InterSpect System Information — This report provides data about the system CPU, memory and free disk space.
Report ID — {2320E7D8-3047-4D88-99E4-437A8AC0C063}
IPS Blade Reports
Standard Reports
IPsec VPN Blade Reports
Standard Reports
- Encrypted Network Activity — This report presents data about network traffic that the Security Gateway encrypted. It includes data about total encrypted traffic load, distribution of encrypted traffic by services and by traffic direction.
Report ID — {0A4E3BC6-55C0-11d6-A342-0002B3321334}
- Endpoint Security VPN Users Activity — This report presents Endpoint Security VPN activity as it was logged by the alerts uploaded from the desktops. It includes sections on:
- Policy server logins
- Top users by login duration
- Top Servers by login
The report also shows Policy Server activity information.
Report ID — {E387C01B-0373-406a-84BC-DAF15A3E5759}
- VPN Community — This report provides data about VPN community activity. The report can also be used for any set of multiple Security Gateways and provides data about:
- Security Gateway encrypted traffic
- VPN tunnel creation and its distribution throughout the day.
Report ID — {BD534B0B-C4CA-41c4-A996-76D3317FF2D2}
- VPN Tunnel for Specific Gateway — This report provides data about specific Security Gateway connections. The report shows the level of activity between a Security Gateway and its peers, VPN traffic distribution and VPN tunnel creation. The report is designed to produce results for a single Security Gateway. Using this report for multiple Security Gateways may produce misleading results. To obtain data regarding multiple Security Gateways use the 'VPN Community' report.
Report ID — {E74B0FA9-7617-11D6-A351-0002B3321334}
Express Reports
My Reports
Standard Reports
This category includes predefined reports as well as reports you have customized to better address your specific needs.
The following reports present the events detected by Event Analysis blades. They include the distribution of events by severity, date and time, source, destination, service and product. These reports can be used to determine which Analyzer events are most common and to discover various event trends, such as the top sources and destinations of the events.
- Daily Domain Detailed Events (Multi-Domain Security Management Deployment)
Report ID — {7395F2D0-03A0-412E-8C04-ECF44E32681C}
- Daily Detailed Events
Report ID — {9974A621-1470-4964-9180-14F62FB2DAD1}
- Hourly Domain Detailed Events (Multi-Domain Security Management Deployment)
Report ID — {28A841C5-5043-47A3-92C4-7CF2F7F3D054}
- Hourly Detailed Events
Report ID — {A0F8AF8B-DAED-4844-B6CE-76C2B7F2FDA6}
- Monthly Domain Detailed Events (Multi-Domain Security Management Deployment)
Report ID — {26E5139C-1D2E-458E-AE98-92EE2635FF33}
- Monthly Detailed Events
Report ID — {3C3D7646-9FF8-4B03-B69D-1B0B9712AC97}
- Weekly Domain Detailed Events (Multi-Domain Security Management Deployment)
Report ID — {38AE5F1A-6079-49BD-B37A-E5A8E799C109}
- Weekly Detailed Events
Report ID — {4A1234B8-11EE-456D-BC37-F8A32E3CB9B6}
Network Security Reports
Express Reports
- Firewall Activity — This report provides an overview about the network activity that a Security Gateway handled. It includes sections on:
- Top Security Gateways by concurrent connections
- Top Security Gateways by accepted and denied packets
- Accepted and denied packets over time
- Total activity by day of the week and by hour of the day.
Report ID — {F9504B51-4E93-484E-BA9B-747632278B65}
- Peer To Peer Activity — This report provides information about Peer To Peer Activity. It includes data about traffic of services such as Kazaa, eMule, Gnutella, BitTorrent, Skype, ICQ and Yahoo! Messenger.
Report ID — {60F6FCDA-0F66-43A6-B8E6-271247207F5B}
- Port Scan Attacks — This report provides an overview of Port Scan attacks detected by InterSpect.
Report ID — {C93FF2C0-9F72-44C1-9734-38ED64FF96BD}
- SYN Attacks — This report provides an overview of SYN attacks detected by InterSpect.
Report ID — {F0EFADA3-C79B-4E06-958A-E0365194CC83}
Regulatory Compliance Reports
Important - Information in these reports is sensitive and must only be provided to users on a need-to-know basis.
Compliance Reporting and Disclaimer:
The Regulatory Compliance reports provide “Compliance Source Information” for use in regulations and standards reporting requirements. Check Point is not providing legal and/or compliance advice and makes no warranties, express or implied, that this information meets compliance regulations. Always consult your legal advisors for compliance regulations and requirements which may be applicable to you.
The following reports meet ISO 17799, COBIT, PCI-DSS, SOX and HIPAA compliance Source requirements.
Standard Reports
- Alert Risks — This report presents the alerts issued by Firewall. It includes the entire list of alerts issued and the distribution of alerts by source, destination and service.
Report ID — {F036E9AD-90F5-4EC5-BE5E-5C26FDCEBC2F}
- Attacks — It includes the distribution of attacks by source, destination, date and time. This report can be used to determine which IPS attacks are most common and the top sources and destinations of these attacks.
Report ID — {FDEBC97B-B148-4F56-BC66-FB8439760C8D}
- Blocked Connections — This report presents data regarding connections that the Security Gateway blocked. It can be used to determine:
- The volume of connections that were blocked
- The top sources of blocked connections, their destinations and services
Report ID — {81FC797B-8862-4CF1-BBD7-BEA504F31C15}
- Blocked Programs Endpoint — This report shows programs that were blocked on endpoint computers by your security policies. You can use this report to see what programs are being used that are malicious or violate corporate policy, and to identify the users that initiate these programs. You can extend the data to include all results, instead of just the top, by increasing the number of results in the Table Properties for each Table.
Report ID — {95E1B452-E154-4421-8C9C-2B90CCBE73DC}
- Endpoint Security Compliance — This report shows compliance events at the endpoint computer that were detected by the compliance enforcement rules. You can use this report to see which endpoint computers and users are out of compliance with your security policies and to identify frequently violated enforcement rules. You can extend the data to include all results, instead of just the top, by increasing the number of results in the Table Properties for each Table.
Report ID — {A2C90031-B4AD-4643-B2CC-F699489388FB}
- Failed Logins — This report presents all login failures that were reported by the Security Gateway.
Report ID — {BA92DEC2-D7C6-4CEE-B828-12FBE5B0E964}
- GTP Firewall Security Alerts — This report provides information regarding GTP signaling messages or GTP data packets that were dropped because they did not meet the necessary security requirements.
Report ID — {8CC905F9-59F5-473C-AA86-42BB8763B7FD}
- List of Added Dynamic Rules — This report provides detailed information about the dynamic rules added to the system. This report can be filtered to reduce the size of its output.
Report ID — {6CA37FB0-B322-44AC-9CCC-4EB80EF0CE2A}
- MailSafe Endpoint — This report shows email extensions that were quarantined on endpoint computers using the MailSafe feature. You can use this report to identify the use of attachments that could be malicious or may violate policy. You can extend the data to include all results, instead of just the top, by increasing the number of results in the Table Properties for each Table.
Report ID — {0CB2D174-7B5B-47BD-B781-81C117E07344}
- Policy Installations — This report presents policy installation data for a specific Security Gateway. It includes data regarding the number of policy install and uninstall procedures. The report is designed to produce results for a single Security Gateway. If you use this report for multiple Security Gateways, it may produce misleading results.
Report ID — {E11B11B8-2311-4179-B58C-9F7C4498EA45}
- Quarantined Hosts — This report provides an overview about the host addresses that were quarantined.
Report ID — {44C03345-4FE0-4AE2-A820-7C84FA9713EA}
- Risk Summary — This report presents data regarding connections that Firewall blocked. It can be used to determine:
- The volume of connections that were blocked.
- The top sources of blocked connections, their destinations and services.
Report ID — {93803268-840C-476D-A859-1BF3D73EBBCD}
- Spyware Endpoint — This report shows spyware that is detected on endpoint computers by the Anti-Spyware feature. You should use this report to identify spyware programs and the users affected by spyware. You can extend the data to include all results, instead of just the top, by increasing the number of results in the Table Properties for each Table.
Report ID — {BE003478-3AD7-46BD-A805-7E9584AB19D9}
- Successful Logins — This report presents login activity associated with Endpoint Security VPN, SSL Network Extender and Mobile Access.
Report ID — {3968DFE8-403E-4A7A-9636-9B46188C2654}
- Viruses — This report presents statistics about detected viruses. It includes the distribution of viruses by source, destination, date and time. This report can be used to determine which viruses are the most common and the top sources and destinations of the viruses.
Report ID — {DA589319-3268-4A4B-8569-11F45B397947}
Express Reports
- Application Layer — The report provides information about Application Layer defenses. It contains a summary of all the traffic that was classified as Application Layer attacks. Such attacks attempt to target the web application layer such as the database layer, server side scripts and various components used in the application. The attacks are divided into several categories: cross site scripting, command injection, SQL injection etc.
Report ID — {865417E0-048A-404B-8E9F-777EB4F85D45}
- Firewall Memory Information — This report provides data about memory allocations that the Firewall made. It includes data about various types of memory allocations used by the Firewall.
Report ID — {7762B74C-329D-49C2-A7AD-2466AFE7A0CC}
- System Information — This report provides data about the Security Gateways' system status, including data about CPU, memory and disk space. This report can be used to see the load on the Security Gateway over time.
Report ID — {ABF8BF25-DBC0-46F0-A2D5-3C0C5086DDB6}
Mobile Access Blade Reports
Standard Reports
System Information Reports
Express Reports