Working Hours

Working Hours are used to detect unauthorized attempts to access protected systems and other forbidden operations after-hours. To set the Regular Working Hours for an eventClosed Record of a security or network incident that is based on one or more logs, and on a customizable set of rules that are defined in the Event Policy., select a Time Object that you have configured from the drop-down list.

Part 1 - Create a Time Object:

  1. In SmartConsoleClosed Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on., from the left navigation panel, click the Logs & Monitor view.

  2. At the top, click + to open a new tab.

  3. In the bottom section External Apps, click SmartEvent Settings & Policy.

  4. Click General Settings Objects > Time Objects.

  5. Click Add.

  6. In the Name field, enter a significant name.

  7. Optional: In the Description field, enter a significant text.

  8. Select the required days and times.

  9. Click Save.

Part 2 - Assign a Time Object to an event:

  1. In the Event Policy folder, select and click the relevant event object that supports the Regular Working Hours field.

    For example, in the Unauthorized Entry event category, click the event User Login at irregular hours.

  2. In the Regular Working Hours field, select the applicable Time object.

Part 3 - Install Event Policy

  1. Click Menu > File > Save.

  2. Click Menu > Actions > Install Event Policy.