Checkpoint firewall in RSA envision
I am new to this forum and RSA envision too <IMG src="/4.5.6/images/emoticons/happy.gif" class="jive_macro jive_emote" jivemacro="emoticon" ___jive_emoticon_name="happy" mcesrc="/4.5.6/images/emoticons/happy.gif">.
Our orgnizaion is setting up SOC.
I would like to know what all possible way to monitor checkpoint firewall.
Here i am not looking in perspective of integrating device in evision but logical rules/dashboard/alerts for CP firewall.
Thanks in advance
Little generic stuff below may help you.
--- > Top 10 IP’s of denied inbound traffic.
Configuration changes @ out of office hours.
Bandwidth usage by IP’s Address/Departments
Top inbound/out bound connections to critical services or DMZ segment
---> Smart defiance (or) IPS blade is enabled.
Top signature allowed/denied
---> Remote VPN is configured
Failed logins in day