Hi, I don't know how to do it with Checkpoint specifically. However, I use freeware called Simple Event Correlation (SEC), and it takes the Checkpoint log that I get through a LEA server. From there, with the data in place, I write SEC rules to do just what you want to accomplish. SEC is a very powerful tool and it is free. Not only can it take logs from Checkpoint, it can also take logs from the SSH server, NetFlow data and other things, and based on the rules you specify, it can tell you if your system has been compromised and what you want to do with that information.
Good luck

Markus Schmidt <[EMAIL PROTECTED]> wrote:

Hi there.

Is there a chance to detect SSH brute force to servers in the DMZ by Checkpoint? For example, blocking a specific IP after 3 SSH connections in 1 minute? I thought about using SmartDefense "Successive Events", but there I can't specify a server. I have NGX R61, is there something that can help me? Is there something in the newer versions? I'd like to avoid implementing such a blocker on the DMZ servers, which of course is possible.

Thx for help!

regards
Markus
--
http://schmidt.bs-server.com

=================================================
To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email [EMAIL PROTECTED]
=================================================
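
The threshold asked about in the thread (one source IP making 3 SSH connections to a DMZ server within 1 minute), worked through as an added example that is not part of either message and is not SEC or Check Point code. The key=value log layout, epoch-second timestamps, the server address and all names are assumptions; a real LEA export has a different layout, and the blocking step itself is left out.

```python
import re
from collections import defaultdict, deque

# Assumptions (not from the thread): field names, server address, limits.
DMZ_SSH_SERVERS = {"192.0.2.10"}   # hypothetical DMZ hosts to watch
THRESHOLD = 3                      # connections ...
WINDOW = 60                        # ... within this many seconds

# Constructed key=value lines; a real LEA export will look different.
SAMPLE_LOG = """\
time=1000 action=accept src=198.51.100.7 dst=192.0.2.10 service=22
time=1005 action=accept src=203.0.113.5 dst=192.0.2.10 service=22
time=1010 action=accept src=198.51.100.7 dst=192.0.2.10 service=22
time=1015 action=accept src=198.51.100.7 dst=192.0.2.20 service=22
time=1020 action=accept src=198.51.100.7 dst=192.0.2.10 service=443
time=1030 action=accept src=198.51.100.7 dst=192.0.2.10 service=22
time=1035 action=accept src=198.51.100.7 dst=192.0.2.10 service=22
time=1100 action=accept src=203.0.113.5 dst=192.0.2.10 service=22
time=1200 action=accept src=203.0.113.5 dst=192.0.2.10 service=22
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def detect_ssh_bursts(lines, servers=DMZ_SSH_SERVERS,
                      threshold=THRESHOLD, window=WINDOW):
    """Return [(time, src, dst)], one entry per pair that hits the threshold."""
    recent = defaultdict(deque)   # (src, dst) -> timestamps inside the window
    flagged = set()               # pairs already reported, to avoid repeats
    alerts = []
    for line in lines:
        ev = dict(FIELD.findall(line))
        src, dst = ev.get("src"), ev.get("dst")
        if ev.get("service") != "22" or dst not in servers or not src:
            continue              # only SSH to the watched servers counts
        try:
            ts = int(ev["time"])
        except (KeyError, ValueError):
            continue              # skip malformed lines instead of crashing
        q = recent[(src, dst)]
        q.append(ts)
        while ts - q[0] >= window:
            q.popleft()           # drop events that fell out of the window
        if len(q) >= threshold and (src, dst) not in flagged:
            flagged.add((src, dst))
            alerts.append((ts, src, dst))
    return alerts

if __name__ == "__main__":
    for ts, src, dst in detect_ssh_bursts(SAMPLE_LOG.splitlines()):
        print(f"t={ts}: {src} reached {THRESHOLD} SSH connections to {dst}")
```

Counting per (source, destination) pair is what lets the rule be limited to specific servers, the part the question says "Successive Events" could not do.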
