CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


First, I hope you're all well and staying safe.
Second, I want to give a "heads up" that you should see more activity here shortly, and maybe a few cosmetic changes.
I'll post more details to the "Announcements" forum soon, so be on the lookout. -E

 

Results 1 to 4 of 4

Thread: Binding IPS log row with e-mail message

  1. 2016-11-16 #1
    danielc
    danielc is offline Junior Member
    Join Date
    2016-11-16
    Posts
    2
    Rep Power
    0

    Default Binding IPS log row with e-mail message

    Hallo,

    I observe logs from IPS in SmartLog relative to SMTP service and I can't find any information about smtp message header (sender or subject like in DLP or Threat emulation). It is important because I have to find e-mail message, on mail server, corresponding to current log row. So please help how can I bind current log row with e-mail message on mail server. Is there any way ?

    Regards
    Daniel
    Reply With Quote Reply With Quote
  2. 2016-11-17 #2
    varera
    varera is offline Senior Member
    Join Date
    2006-03-08
    Location
    Lausanne
    Posts
    1,030
    Rep Power
    18

    Default Re: Binding IPS log row with e-mail message

    IPS does not "intercept" messages but only inspects protocol abuses. For that reason you will not be able to achieve your goal.

    Alternatively, you can add packet capture to IPS logs for further investigation


    Sent from my iPhone using Tapatalk
    -------------

    Valeri Loukine
    CCMA, CCSM, CCSI
    http://checkpoint-master-architect.blogspot.com/
    Reply With Quote Reply With Quote
  3. 2016-11-24 #3
    danielc
    danielc is offline Junior Member
    Join Date
    2016-11-16
    Posts
    2
    Rep Power
    0

    Default Re: Binding IPS log row with e-mail message

    Hi,

    thank you for your advice. It was very helpfull. The goal is achived.
    Reply With Quote Reply With Quote
  4. 2016-11-25 #4
    varera
    varera is offline Senior Member
    Join Date
    2006-03-08
    Location
    Lausanne
    Posts
    1,030
    Rep Power
    18

    Default Re: Binding IPS log row with e-mail message

    Quote Originally Posted by danielc View Post
    Hi,

    thank you for your advice. It was very helpfull. The goal is achived.
    Cool :-)
    -------------

    Valeri Loukine
    CCMA, CCSM, CCSI
    http://checkpoint-master-architect.blogspot.com/
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Similar Threads

  1. AD account permissions for LDAP binding
    By jith787 in forum SmartDirectory/LDAP/Active Directory
    Replies: 1
    Last Post: 2012-09-23, 21:39
  2. Binding to LDAP server failed w/SC behind private IP address & LDAP Server inside VPN
    By armando.ferreira in forum SmartDirectory/LDAP/Active Directory
    Replies: 0
    Last Post: 2011-08-24, 18:51
  3. how to Mail alert configuration and what happens when sending mail fails
    By vbavbalist in forum SmartView Tracker
    Replies: 0
    Last Post: 2008-10-17, 05:08
  4. Customize message that is delivered by smtp security server when mail is blocked
    By lopaten in forum Messaging Security
    Replies: 0
    Last Post: 2008-09-08, 15:41
  5. failed to create mail message
    By smithab in forum Eventia Analyzer/Reporter/SmartView Reporter
    Replies: 4
    Last Post: 2007-12-10, 10:08

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules