CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Results 1 to 5 of 5

Thread: MDS and SmartEvent - Report Generation

  1. #1
    Join Date
    2007-06-04
    Posts
    3,304
    Rep Power
    17

    Default MDS and SmartEvent - Report Generation

    I have an MDS into which a SmartEvent Server is logged in as a Global Object.

    An administrator assigned to a Domain can see the Events, however they cannot generate Reports from within SmartEvent.

    The Administrator has Read/Write to SmartEvent and is defined on the MDS, not the SmartEvent.

    What I am looking to do is give an Administrator Read Only Access to the Security Policy, but allow them to view Events JUST for the Domain that they are assigned too, and generate Reports JUST for the Domain that they are assigned too.

    I Know SmartReporter needs to be a Domain Superuser/Locally Defined on SmartEvent, however that then prevents from restricting the Administrator to just the 1 Domain.

    Any Idea's?

  2. #2
    Join Date
    2014-01-23
    Posts
    28
    Rep Power
    0

    Default Re: MDS and SmartEvent - Report Generation

    Quote Originally Posted by mcnallym View Post
    I have an MDS into which a SmartEvent Server is logged in as a Global Object.

    An administrator assigned to a Domain can see the Events, however they cannot generate Reports from within SmartEvent.

    The Administrator has Read/Write to SmartEvent and is defined on the MDS, not the SmartEvent.

    What I am looking to do is give an Administrator Read Only Access to the Security Policy, but allow them to view Events JUST for the Domain that they are assigned too, and generate Reports JUST for the Domain that they are assigned too.

    I Know SmartReporter needs to be a Domain Superuser/Locally Defined on SmartEvent, however that then prevents from restricting the Administrator to just the 1 Domain.

    Any Idea's?
    For example:
    Mulit-domain name: fastfood
    mulit-domain admin: fastfood_admin
    domain1 name: pizza. domain1 admin name: pizza_admin
    domain2 name: burger. Domain2 admin name: burger_admin

    What i did was, create an admin (pizza_admin) as domain manager. For profiles i created a custom profile. Changed everything to read, except the Events and reports tab. All the options in that tab are set to write. Saved. Name of profile: reporter_profile Assigned this profile to pizza_admin. THen assigned pizza_admin to pizza

    did the same except for burger. Except assigned burger_admin to burger with the reporter_profile.

    Logged into SmartEvent (which is globally assigned) using fastfood_admin
    Went into policy tab and added the domains there.
    Logged out of smartEvent

    Logged into dashboard of pizza and burger with respective admins - can only see because of read only access.
    Logged into SmartEvent as pizza_admin - I see only pizza for domain in policy
    Logged into SmartEvent as burger_admin - I see only burger for domain in policy.


    Also under the Events tab -- Domain --> right click --> Properties --> Event query Properties --> search for domain in the filter section --> Click on Any
    You will see only the domain thats assigned to the userid which was used to log in.

    now i did not get a chance to generate reports since there is no traffic traversing to pull up reports. But i am assuming, that if i can see only the domain that the userid is assigned to then i can pull reports just on that assigned domain.


    hth

  3. #3
    Join Date
    2014-01-23
    Posts
    28
    Rep Power
    0

    Default Re: MDS and SmartEvent - Report Generation

    Wanted to clarify my response. I did not be specific to the additional things as well that could be done when logging in with pizza_admin and burger_admin.


    Logged into SmartEvent as pizza_admin - I see only pizza for domain in policy. Changes to events and to query is also possible. However just for that domain.
    Logged into SmartEvent as burger_admin - I see only burger for domain in policy. Changes to events and to query is also possible. However just for that domain.


    Also under the Events tab -- Domain --> right click --> Properties --> Event query Properties --> search for domain in the filter section --> Click on Any
    You will see only the domain thats assigned to the userid which was used to log in.

    Now i did not get a chance to generate reports since there is no traffic traversing to pull up reports. But i am assuming, that if i can see AND MODIFY the query properties only the domain that the userid is assigned to then i can pull reports just on that assigned domain.

  4. #4
    Join Date
    2005-08-11
    Location
    San Francisco, CA
    Posts
    1,395
    Rep Power
    16

    Default Re: MDS and SmartEvent - Report Generation

    Hmmmm... burger.
    Barry J. Stiefel ("Stee-ful" or "Shtee-ful")
    B.S., MBA, CCSA/CCSE/CCSE+/CCSI
    Resilience RCSE/RCSI, Fortinet FCSE
    CISSP, MCSE, NSA ISM
    Founder of CPUG
    Founder of CPUG University

  5. #5
    Join Date
    2007-06-04
    Posts
    3,304
    Rep Power
    17

    Default Re: MDS and SmartEvent - Report Generation

    Thanks for the response. I think I need to clarify as well, rereading the initial post then I don't think was clear enough.

    When using a Global Object for the SmartEvent then EVENTS are fine, the Administrators assigned to the Domain can see the Events for just that Domain, which is great.

    The problem I have is that when you goto the Reports Tab in SmartEvent.

    The Generate and Manage are greyed out for the Administrators,
    I even used the same profile permissions as you have done as well.

    To map onto your environment

    fastfood_admin can login to the SmartEvent and see events for Both Domains, and can generate and manage reports - Is a Multi-Domain SuperUser so cannot restrict what can do, so this is to be expected.
    pizza_admin can login to the SmartEvent and only see's events for pizza domain1
    burger_admin can login to the SmartEvent and only see's events for the burger domain2

    I have passed traffic through and can get a report out for the Domains using the fastfood_admin so I have traffic to get reports on.

    However when pizza_admin and burger_admin move to the Reports Tab then the Generate and Manage are greyed out. For fastfood_admin then can manage the reports as well as generate reports.
    Even if you don't have traffic log entries and events then should still be able to Manage Reports and create reports. Generation would then come back with a no data found.

    The only way that can get pizza_admin and burger_admin to be be able to generate and manage reports is to make them Domain-SuperUsers where you cannot restrict with a permissions profile so they get read/write to the whole domain, or make them an MDS SuperUser like fastfood_admin. Even if you make them Domain Managers then the Generate and Manage on the Reports Tab are still greyed out, even if make everything Read/Write Access on all of the Permissions Tabs in the permissions profile.

    Events work fine with the Permissions Profile, it is Reporting that doesn't work, unless a Domain SuperUser or MDS SuperUser or Locally Defined on the SmartEvent Server using the cpconfig. All 3 of these settings prevent from applying a permissions profile so that the user would get Read Write to the Policy in Dashboard as well which needs to be avoided.

    SmartReporter has the same issue in that need to be Domain SuperUser, MDS SuperUser or locally defined. I was aware of that on SmartReporter however as the SmartEvent worked with the Permissions profiles for Events then believed that should work when running Reports in SmartEvent, however I wonder if SmartEvent is using SmartReporter in the background, which would explain why seem to get the same permissions issue with the Reporting in SmartEvent.

    When you login with the pizza_admin and burger_admin then under Reports is the Generate and Manage greyed out or not. I know you said have no data in there however should still be able to Manage the Reports.

    It sounds to me from your update that you are seeing the same as me however.

    I have spoken with our Check Point SE and he has gone to confirm for me regarding the Permissions Profiles for Reporting under SmartEvent.

Similar Threads

  1. Upgrading MDS from R70.1 to R75.20 with MDS HA.
    By Bingoig11 in forum Provider-1 (Multi-Domain Management)
    Replies: 0
    Last Post: 2011-12-14, 16:33
  2. Report Generation Issue
    By phollan1 in forum Eventia Analyzer/Reporter/SmartView Reporter
    Replies: 0
    Last Post: 2010-11-25, 08:42
  3. Eventia Report v/s MRTG report not matching
    By jeetu_chaudhari in forum Eventia Analyzer/Reporter/SmartView Reporter
    Replies: 1
    Last Post: 2009-04-01, 19:48
  4. Report Generation
    By vijayant in forum Miscellaneous
    Replies: 1
    Last Post: 2007-11-02, 19:17
  5. Incomplete report generation.
    By odie_m001 in forum Eventia Analyzer/Reporter/SmartView Reporter
    Replies: 0
    Last Post: 2007-03-25, 02:29

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •