Selecting Query Fields

You can enter query criteria directly from the query search bar.

To select field criteria:

If you start a new query, click Clear to remove query definitions.
Put the cursor in the query search bar.
Select a criterion from the drop-down list or enter the criteria in the query search bar.

Using the Action Filter

One of the search filters is Action. When you select the Action filter, a list shows with all the log actions available for searching. This table lists and explains these log actions:

Action	Description
Accept	The Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. allowed traffic based on the Access ControlSecurity Policy Collection of rules that control network traffic and enforce organization guidelines for data protection and access to resources with packet inspection..
Allow	The Security Gateway allowed traffic after Firewall or a VPN alert (for example: Protocol Violation) or DLP match on an exception to a rule Set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session..
Ask User	The user was prompted to decide if the Security Gateway must block or allow specific traffic, based on Access Control or Custom Threat PreventionSecurity Policies. Or A DLP incident was captured and put in quarantine. The user was asked to decide what to do.
Block	The Security Gateway blocked traffic based on a URL Filtering Check Point Software Blade on a Security Gateway that allows granular control over which web sites can be accessed by a given group of users, computers or networks. Acronym: URLF. or Application Control Check Point Software Blade on a Security Gateway that allows granular control over specific web-enabled applications by using deep packet inspection. Acronym: APPI. rule, after a user opted a UserCheck block Action.
Bypass	Threat Emulation Check Point Software Blade on a Security Gateway that monitors the behavior of files in a sandbox to determine whether or not they are malicious. Acronym: TE., Threat Extraction Check Point Software Blade on a Security Gateway that removes malicious content from files. Acronym: TEX. or Anti-Virus Check Point Software Blade on a Security Gateway that uses real-time virus signatures and anomaly-based protections from ThreatCloud to detect and block malware at the Security Gateway before users are affected. Acronym: AV. did not inspect a file.
Decrypt	The Security Gateway decrypted a VPN packet to reveal its content and allow further inspection.
Detect	A Threat Prevention blade detected malicious traffic but did not block it because it worked in the Detect mode.
Do not send	User decided to drop transmission that was captured by DLP. An administrator with full permissions or with the View, Release or Discard DLP messages permission can also drop these transmissions. Email notification was sent to the user.
Drop	The Security Gateway blocked traffic based on the Access ControlSecurity Policy and did not notify the source.
Encrypt	The Security Gateway encrypted a VPN packet to secure its contents and prevent unauthorized access.
Extract	Threat Extraction extracted potentially malicious content from a file before the file entered the network.
Forgot Passcode	User tapped Forgot Passcode in the Capsule Workspace application.
HTTPS Bypass	The Security Gateway allowed network traffic to bypass HTTPS Inspection Feature on a Security Gateway that inspects traffic encrypted by the Secure Sockets Layer (SSL) protocol for malware or suspicious patterns. Synonym: SSL Inspection. Acronyms: HTTPSI, HTTPSi..
HTTPS Inspect	The Security Gateway inspected HTTPS traffic.
Inform User	The user was informed what the organization's policy was, based on the Access Control or Custom Threat PreventionSecurity Policies. Or DLP transmission was detected and allowed, and the user was notified.
Inline	Traffic was sent for emulation before it was allowed to enter the internal network.
Inspect	Threat Emulation or Anti-Virus inspected a fie.
IP Changed	An association between a specific IP address and a user changed, because the IP address on the associated host changed (DHCP).
Key Install	The Security Gateway created encryption keys for VPN.
Open Shell	An administrator opened a command shell to a Gaia Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems. server.
Packet Tagging	The Security Gateway shared a packet tagging key with an Identity Agent.
Prevent	The Security Gateway blocked traffic based on the DLP or Threat Prevention policy.
Quarantine	The Security Gateway isolated an email that was identified as a potential security threat, until further investigation is made..
Reject	The Security Gateway rejected the packet and notified the source with the TCP [RST] packet.
Remote Wipe	The Security Gateway removed offline data cached on a user mobile device with Capsule Workspace Application.
ResetPasscode	User tapped Reset Passcode in the Capsule Workspace application.
Run Script	An administrator executed a script on a Gaia server from SmartConsole Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on..
Send	User decided to continue transmission after DLP capture. An administrator with full permissions or with the View/Release/Discard DLP messages permission can also decide to continue transmission. Email notification is sent to the user.
System Backup	An administrator backed up the configuration of the GaiaOperating System of the Security Gateway.
System Restore	An administrator retrieved a backup file and restored configuration of the GaiaOperating System of the Security Gateway.
Update	The Security Gateway downloaded and installed the latest version or Hotfix Software package installed on top of the current software version to fix a wrong or undesired behavior, and to add a new behavior..
VPN Routing	The Security Gateway directed the VPN traffic through the appropriate specific VPN tunnel or Security Gateway.