System Administration
To maintain your SmartEvent system, you can do these tasks from the General Settings section of the Policy tab:
- Adding a SmartEvent Correlation Unit (the SmartEvent software component on a SmartEvent Server that analyzes logs and detects events) and Log Servers.
- Creating offline jobs to analyze historical log files (see Importing Offline Log Files).
- Adding objects to the Internal Network (computers and resources protected by the Firewall and accessed by authenticated users).
- Creating scripts to run as Automatic Reactions for certain events (see Creating an Automatic Reaction "External Script").
- Creating objects for use in filters.
Adding a Host or Network Object to SmartEvent
Network Objects are the objects that are synchronized from the database of the Management Server (a Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server), as well as user-defined additional objects. These objects from the Management Server are added to SmartEvent during the initial sync and updated at set intervals.
Best Practice - Add new Host and Network objects in SmartConsole
- In SmartConsole, from the left navigation panel, click the Logs & Monitor view.
- At the top, click + to open a new tab.
- In the bottom section External Apps, click SmartEvent Settings & Policy.
- Click the folder General Settings > Objects > the object Network Objects.
- Click Add > Host or Network.
- Configure the object:
  - For a Host object:
    - In the Name field, enter a significant name.
      You can enter a hostname if the SmartEvent Server (a dedicated Check Point server with the enabled SmartEvent Software Blade that hosts the events database) can resolve this hostname.
    - In the IP Address field, enter the required host IP address.
      If you entered a hostname in the Name field, and the SmartEvent Server can resolve this hostname, then you can click Get Address.
    - Optional: In the Comment field, enter a significant text.
  - For a Network object:
    - In the Name field, enter a significant name.
    - In the Network Address field, enter the required network IP address.
    - In the Net Mask field, enter the required network mask.
    - Optional: In the Comment field, enter a significant text.
- Click OK.
- Click Menu > File > Save.
- Click Menu > Actions > Install Event Policy.
Defining the Internal Network
Note - Some network objects are copied from the Management Server to the SmartEvent Server during the initial sync and updated afterwards. You cannot configure the internal network until the initial sync is complete.
To help SmartEvent determine whether events originated internally or externally, you must define the Internal Network.
The Internal Network defines hosts, networks, or groups that are part of the network behind the organization's perimeter.
These are the options to calculate the traffic direction:
- Incoming - All the sources are external to the network and all destinations are internal.
- Outgoing - All sources are in the network and all destinations are external.
- Internal - Sources and destinations are all in the network.
- Other - A mixture of internal and external values makes the result indeterminate.
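The four direction options above can be expressed as a membership test against the Internal Network. The following Python sketch is an added example, not Check Point code: the function names, the sample addresses, and the choice to return Other for every combination that does not match the first three options are assumptions.

```python
import ipaddress

# Constructed Internal Network: two Network objects (address/net mask)
# and one Host object. All addresses are sample values.
INTERNAL = ["10.1.0.0/255.255.0.0", "192.168.50.0/255.255.255.0", "172.16.5.20"]

def is_internal(addr, nets):
    """True if addr falls inside any object in the Internal Network."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in nets)

def traffic_direction(sources, destinations, internal_objects=INTERNAL):
    """Return Incoming, Outgoing, Internal or Other for one event."""
    nets = [ipaddress.ip_network(o, strict=False) for o in internal_objects]
    src = [is_internal(a, nets) for a in sources]
    dst = [is_internal(a, nets) for a in destinations]
    if not src or not dst:
        return "Other"      # assumption: a missing side cannot be classified
    if not any(src) and all(dst):
        return "Incoming"   # all sources external, all destinations internal
    if all(src) and not any(dst):
        return "Outgoing"   # all sources internal, all destinations external
    if all(src) and all(dst):
        return "Internal"   # everything inside the Internal Network
    return "Other"          # assumption: every remaining combination

# Constructed events: (sources, destinations)
SAMPLES = [
    (["203.0.113.7"], ["10.1.4.20"]),
    (["10.1.4.20", "192.168.50.9"], ["198.51.100.3"]),
    (["10.1.4.20"], ["172.16.5.20"]),
    (["10.1.4.20", "203.0.113.7"], ["192.168.50.9"]),
    # 10.2.0.5 is an inside host whose subnet was never added to INTERNAL,
    # so it is treated as external.
    (["10.2.0.5"], ["10.1.4.20"]),
]

def classify_samples():
    return [traffic_direction(s, d) for s, d in SAMPLES]

if __name__ == "__main__":
    for (s, d), result in zip(SAMPLES, classify_samples()):
        print(f"{s} -> {d}: {result}")
```

The last sample shows the effect of an incomplete definition: traffic between two inside hosts is labeled Incoming until the missing subnet is added to the Internal Network.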
To define the Internal Network:
- In SmartConsole, from the left navigation panel, click the Logs & Monitor view.
- At the top, click + to open a new tab.
- In the bottom section External Apps, click SmartEvent Settings & Policy.
- Click the folder General Settings > Initial Settings > the object Internal Network.
- In the left panel Not in Internal Network, select one or more relevant objects (press and hold the CTRL key).
  We recommend you add all internal Network objects, and not Host objects.
- Click Add.
- In the right panel In Internal Network, you can click Add New to add a new Host or Network object.
- Click Menu > File > Save.
- Click Menu > Actions > Install Event Policy.