CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



Thread: Send email alert when packet blocked/detected

  1. #1
    Join Date
    2016-06-01
    Posts
    5
    Rep Power
    0

    Send email alert when packet blocked/detected

    Is it possible to set up an alert so I get an email every time an entry that would otherwise show up in SmartView Tracker, IPS Blade, All is generated?

    Been looking for a good way to do that - although, we're also looking into somehow getting these logs into Splunk. What would be the best way to do that so events come across to Splunk as soon as possible and with hopefully low overhead, thus to generate an alert? Was looking into using it as Splunk syslog forwarder but from what I've read on here it doesn't forward the firewall log in that manner. It appears the Splunkbase OPSEC LEA grabber has some issues, especially with 6.4, so that's probably out.

    Any advice gratefully appreciated, thanks.

    A

  2. #2
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,651
    Rep Power
    10

    Re: Send email alert when packet blocked/detected

    Have you thought about just turning off your mail server(s) since you seem to want to bring them down? :D

  3. #3
    Join Date
    2016-06-01
    Posts
    5
    Rep Power
    0

    Re: Send email alert when packet blocked/detected

    IPS is well tuned, we get very few hits ;-)
    (also helped by the location, I suspect...)

    As is typical, I found a way to do this in SmartEvent - not something I'd looked into before, so now we appear to be getting automated alerts at least.

    Still be useful to know the most efficient/simple way to get the IPS alerts into Splunk tho..!
    Last edited by andyjgw; 2016-06-03 at 11:01.

  4. #4
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,651
    Rep Power
    10

    Re: Send email alert when packet blocked/detected

    LEA is the Check Point protocol used to pull logs.

    This is what I found when I searched for splunk checkpoint lea

    https://splunkbase.splunk.com/app/1454/

  5. #5
    Join Date
    2016-06-01
    Posts
    5
    Rep Power
    0

    Re: Send email alert when packet blocked/detected

    Thanks, that's the one I was referring to in my post. In the known-issues though, it says it's not compatible with Splunk 6.4 and we're on 6.4.1...

    http://docs.splunk.com/Documentation...s#Known_issues

  6. #6
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,651
    Rep Power
    10

    Re: Send email alert when packet blocked/detected

    Oops, yet again I miss the top post!

    Well, that's too bad. Have you contacted Splunk to ask for an update on OPSEC connectivity?
    Last edited by jflemingeds; 2016-06-07 at 13:22.

  7. #7
    Join Date
    2016-06-01
    Posts
    5
    Rep Power
    0

    Re: Send email alert when packet blocked/detected

    No, but I will. Just wondered if it was "the best way" which it sounds like it is - when it works ;-)
