CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


First, I hope you're all well and staying safe.
Second, I want to give a "heads up" that you should see more activity here shortly, and maybe a few cosmetic changes.
I'll post more details to the "Announcements" forum soon, so be on the lookout. -E

 

Results 1 to 4 of 4

Thread: Binding IPS log row with e-mail message

  1. #1
    Join Date
    2016-11-16
    Posts
    2
    Rep Power
    0

    Default Binding IPS log row with e-mail message

    Hallo,

    I observe logs from IPS in SmartLog relative to SMTP service and I can't find any information about smtp message header (sender or subject like in DLP or Threat emulation). It is important because I have to find e-mail message, on mail server, corresponding to current log row. So please help how can I bind current log row with e-mail message on mail server. Is there any way ?

    Regards
    Daniel

  2. #2
    Join Date
    2006-03-08
    Location
    Lausanne
    Posts
    1,030
    Rep Power
    18

    Default Re: Binding IPS log row with e-mail message

    IPS does not "intercept" messages but only inspects protocol abuses. For that reason you will not be able to achieve your goal.

    Alternatively, you can add packet capture to IPS logs for further investigation


    Sent from my iPhone using Tapatalk
    -------------

    Valeri Loukine
    CCMA, CCSM, CCSI
    http://checkpoint-master-architect.blogspot.com/

  3. #3
    Join Date
    2016-11-16
    Posts
    2
    Rep Power
    0

    Default Re: Binding IPS log row with e-mail message

    Hi,

    thank you for your advice. It was very helpfull. The goal is achived.

  4. #4
    Join Date
    2006-03-08
    Location
    Lausanne
    Posts
    1,030
    Rep Power
    18

    Default Re: Binding IPS log row with e-mail message

    Quote Originally Posted by danielc View Post
    Hi,

    thank you for your advice. It was very helpfull. The goal is achived.
    Cool :-)
    -------------

    Valeri Loukine
    CCMA, CCSM, CCSI
    http://checkpoint-master-architect.blogspot.com/

Similar Threads

  1. AD account permissions for LDAP binding
    By jith787 in forum SmartDirectory/LDAP/Active Directory
    Replies: 1
    Last Post: 2012-09-23, 21:39
  2. Binding to LDAP server failed w/SC behind private IP address & LDAP Server inside VPN
    By armando.ferreira in forum SmartDirectory/LDAP/Active Directory
    Replies: 0
    Last Post: 2011-08-24, 18:51
  3. Replies: 0
    Last Post: 2008-10-17, 05:08
  4. Replies: 0
    Last Post: 2008-09-08, 15:41
  5. failed to create mail message
    By smithab in forum Eventia Analyzer/Reporter/SmartView Reporter
    Replies: 4
    Last Post: 2007-12-10, 10:08

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •