|
|
|
What can I do here?
Use this window to mark updated protections with Follow Up flag.
|
Getting Here - Security Policies > Threat Prevention > Policy > Threat Tools > Updates > IPS > Follow Protections |
The follow up mark lets you monitor specific IPS protections according to your selection. After you select the protections you wish to monitor, you can filter for them in the IPS Protections page and not have to search for them again.
To view protections marked for follow up:
In SmartConsole, go to Security Policies > Threat Prevention > IPS Protections > Filters, and select Follow Up.
You can mark individual protections for follow up or mark all updated protections for follow up in the IPS Updates page.
You can mark individual protections for Follow Up, which lets you quickly review the identified protections in the IPS Protections page. To make the Follow Up feature efficient, make sure to keep the list of marked protections as short as possible. Mark newly downloaded protections and any protection that you want to monitor, but remember to remove protections from this list when you are more confident that you configured them in the best way for your environment, for now. The longer the Follow Up list is, the more difficult it is to use it as a workable task list
To manually mark protections for follow up:
In the IPS Protections page, select one or more protections, right-click and select Follow Protection from the menu.
To unmark the protection, right-click the protection and clear Follow Protection.
Each time the IPS protections are updated, they will be automatically marked for follow up. To unmark the protections for follow up, click Unfollow Protections. To unmark all marked protections, go to Actions > Cleanup Options > Remove All Follow Up Flags.
Note - You can add significant information about a protection in the protection's comment field. To add a comment to a protection, double-click a protection and enter you comment in the Enter Protection Comment field, below the protection's name. You can only add comments to ThreatCloud protections (and not Core protections). You can enter information such as the package version or date of update. Such information is useful because you can search for it at a later date.
Check Point provides new and updated protections as they become available (see Updating IPS Protections). To give you complete control over the process of integrating new IPS protections, you can have them automatically marked for Follow Up, which gives you time to evaluate the impact the protections have on your environment.
To have new protections marked automatically:
In SmartConsole > Security Policies > Threat Prevention > Threat Tools > Updates > IPS >select Follow Protections.
