System Administration

To maintain your SmartEvent system, you can do these tasks from the General Settings section of the Policy tab:

• Adding a SmartEvent Correlation Unit SmartEvent software component on a SmartEvent Server that analyzes logs and detects events. and Log Servers

• Create offline jobs analyze historical log files (see Importing Offline Log Files).

• Adding objects to the Internal Network Computers and resources protected by the Firewall and accessed by authenticated users.

• Creating scripts to run as Automatic Reactions for certain events (see Creating an External Script Automatic Reaction)

• Creating objects for use in filters

Adding Network and Host Objects

Network Objects are the objects that are synchronized from the Management object database as well as user defined additional objects. These objects from the Management server are added to SmartEvent during the initial sync and updated at set intervals.

As a best practice, use SmartConsole Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on. to add new network or host objects to the Management server.

The customer cannot define the internal network until the initial sync is complete.

To add a host or network object to SmartEvent:

1. From the Policy tab, select General Settings > Objects > Network Objects > Add > Host or Add Network.

2. Give the device a significant name.

3. For a host, enter the IP Address or select Get Address.

4. For a network object, enter the Network Address and Net Mask.

5. Select OK.

Defining the Internal Network

To help SmartEvent conclude if events originated internally or externally, you must define the Internal Network. These are the options to calculate the traffic direction:

• Incoming - All the sources are external to the network and all destinations are internal.

• Outgoing - All sources are in the network and all destinations are external.

• Internal - Sources and destinations are all in the network.

• Other - A mixture of internal and external values makes the result indeterminate.

To define the Internal Network:

1. From the Policy tab, select General Settings > Initial Settings > Internal Network.

2. Add internal objects.

   We recommend you add all internal Network objects, and not Host objects.

Some network objects are copied from the Management server to the SmartEvent Server Dedicated Check Point server with the enabled SmartEvent Software Blade that hosts the events database. during the the initial sync and updated afterwards.

Note - The customer cannot define the internal network until the initial sync is complete.