Commit
Improve authentication normalization
Showing
11 changed files
with
984 additions
and
40 deletions.
12 changes: 12 additions & 0 deletions
12
...ges/checkpoint/data_stream/firewall/_dev/test/pipeline/test-checkpoint-authentication.log
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
<134>1 2023-12-29T14:20:02Z CP-Manager CheckPoint 10547 - [action:"Accept"; flags:"163872"; ifdir:"outbound"; loguid:"{0x658ed593,0x0,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.153"; originsicname:"cn=cp_mgmt,o=CP-Manager.example.local"; sequencenum:"1"; time:"1703859602"; version:"5"; additional_info:"login by localhost"; administrator:"WEB_API"; client_ip:"192.168.1.153"; operation:"Log In"; product:"WEB_API"; sendtotrackerasadvancedauditlog:"0"; subject:"Administrator Login"] | ||
<134>1 2023-12-29T14:03:03Z CP-Manager CheckPoint 10547 - [action:"Accept"; flags:"163872"; ifdir:"outbound"; loguid:"{0x658ed198,0x0,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.153"; originsicname:"cn=cp_mgmt,o=CP-Manager.example.local"; sequencenum:"1"; time:"1703858583"; version:"5"; additional_info:"Authentication method: Active Directory"; administrator:"User (Example)"; client_ip:"127.0.0.1"; machine:"localhost"; operation:"Log In"; operation_number:"10"; product:"WEB_API"; subject:"Administrator Login"] | ||
<134>1 2023-12-29T08:42:55Z CP-Manager CheckPoint 10547 - [action:"Accept"; flags:"163872"; ifdir:"outbound"; loguid:"{0x658e8690,0x0,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.153"; originsicname:"cn=cp_mgmt,o=CP-Manager.example.local"; sequencenum:"1"; time:"1703839375"; version:"5"; additional_info:"Authentication method: radius"; administrator:"mario.rossi@example.org"; client_ip:"10.16.10.27"; machine:"desktop0001.example.local"; operation:"Log In"; operation_number:"10"; product:"SmartConsole"; subject:"Administrator Login"] | ||
<134>1 2023-12-15T11:52:02Z CP-Manager CheckPoint 10547 - [action:"Accept"; flags:"163872"; ifdir:"outbound"; loguid:"{0x657c3de4,0x0,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.153"; originsicname:"cn=cp_mgmt,o=CP-Manager.example.local"; sequencenum:"1"; time:"1702641122"; version:"5"; additional_info:"Authentication method: radius"; administrator:"i.biachi@customer.com"; client_ip:"172.28.11.213"; machine:"relay599.rdnssender.com"; operation:"Log In"; operation_number:"10"; product:"SmartConsole"; subject:"Administrator Login"] | ||
<134>1 2023-12-27T09:39:55Z CP-Manager CheckPoint 10547 - [action:"Accept"; flags:"163872"; ifdir:"outbound"; loguid:"{0x658bf0ed,0x0,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.153"; originsicname:"cn=cp_mgmt,o=CP-Manager.example.local"; sequencenum:"1"; time:"1703669995"; version:"5"; additional_info:"Administrator failed to log in: Wrong Password"; administrator:"i.biachi@customer.com"; audit_status:"Failure"; client_ip:"172.28.11.213"; machine:"relay599.rdnssender.com"; operation:"Log In"; operation_number:"11"; product:"SmartConsole"; subject:"Administrator Login"] | ||
<134>1 2023-12-28T08:03:28Z CP-Manager CheckPoint 10547 - [action:"Accept"; flags:"163872"; ifdir:"outbound"; loguid:"{0x658d2bd2,0x0,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.153"; originsicname:"cn=cp_mgmt,o=CP-Manager.example.local"; sequencenum:"1"; time:"1703750608"; version:"5"; additional_info:"Administrator failed to log in: SIC Error for gettopo: Server could not find authentication method for service gettopo. Peer is: "; audit_status:"Failure"; client_ip:"172.28.11.213"; operation:"Log In"; operation_number:"11"; product:"Unknown"; subject:"Administrator Login"] | ||
<134>1 2023-12-21T10:41:20Z CP-Manager CheckPoint 10547 - [action:"Accept"; flags:"163872"; ifdir:"outbound"; loguid:"{0x65841652,0x0,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.153"; originsicname:"cn=cp_mgmt,o=CP-Manager.example.local"; sequencenum:"1"; time:"1703155280"; version:"5"; additional_info:"Administrator failed to log in: Wrong Password"; administrator:"mario.rossi@example.org"; audit_status:"Failure"; client_ip:"172.16.1.190"; machine:"cp_console.example.local"; operation:"Log In"; operation_number:"11"; product:"SmartConsole"; subject:"Administrator Login"] | ||
<134>1 2023-12-22T08:38:43Z CP-Manager CheckPoint 10547 - [alert:"Expert_Alert"; flags:"139296"; ifdir:"inbound"; loguid:"{0x65854b15,0x0,0x6401a8c0,0x3c7878a}"; origin:"10.16.109.248"; sequencenum:"71"; time:"1703234323"; version:"5"; additional_info:"SSH connection by admin_org user to Expert Shell"; administrator:"admin_org"; client_ip:"10.16.109.244"; device_name:"CPFW-0001"; device_type:"GW"; operation:"Log In"; product:"Expert Shell"; subject:"Administrator Expert Shell login"] | ||
<134>1 2023-12-01T08:49:00Z CP-Manager CheckPoint 21491 - [alert:"Expert_Alert"; flags:"139296"; ifdir:"inbound"; loguid:"{0x65699dfe,0x0,0x6401a8c0,0x29fed3f3}"; origin:"10.16.109.248"; sequencenum:"165"; time:"1701420540"; version:"5"; additional_info:"SSH connection by mario.rossi@example.org user to Expert Shell"; administrator:"mario.rossi@example.org"; client_ip:"172.16.1.190"; device_name:"CPFW-0001"; device_type:"GW"; operation:"Log In"; product:"Expert Shell"; subject:"Administrator Expert Shell login"] | ||
<134>1 2023-12-29T14:20:02Z CP-Manager CheckPoint 10547 - [action:"Accept"; flags:"163872"; ifdir:"outbound"; loguid:"{0x658ed593,0x1,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.153"; originsicname:"cn=cp_mgmt,o=CP-Manager.example.local"; sequencenum:"2"; time:"1703859602"; version:"5"; additional_info:"logout localhost"; administrator:"WEB_API"; client_ip:"192.168.1.153"; domain_name:"SMC User"; operation:"Log Out"; product:"WEB_API"; sendtotrackerasadvancedauditlog:"0"; session_uid:"f424fd06-f25a-44f1-918d-5c837b77f1c8"; subject:"Administrator Logout"] | ||
<134>1 2023-12-29T13:42:04Z CP-Manager CheckPoint 10547 - [action:"Accept"; flags:"163872"; ifdir:"outbound"; loguid:"{0x658eccad,0x0,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.153"; originsicname:"cn=cp_mgmt,o=CP-Manager.example.local"; sequencenum:"1"; time:"1703857324"; version:"5"; administrator:"User (Example)"; client_ip:"127.0.0.1"; machine:"localhost"; operation:"Log Out"; operation_number:"12"; product:"WEB_API"; subject:"Administrator Login"] | ||
<134>1 2023-12-29T13:23:54Z CP-Manager CheckPoint 10547 - [action:"Accept"; flags:"163872"; ifdir:"outbound"; loguid:"{0x658ec86c,0x0,0x6401a8c0,0x3c7878a}"; origin:"192.168.1.153"; originsicname:"cn=cp_mgmt,o=CP-Manager.example.local"; sequencenum:"1"; time:"1703856234"; version:"5"; administrator:"mario.rossi@example.org"; client_ip:"10.16.10.27"; machine:"desktop0001.example.local"; operation:"Log Out"; operation_number:"12"; product:"SmartConsole"; subject:"Administrator Login"] |
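Review bot: Two of the added samples (the 2023-12-15 login and the 2023-12-27 wrong-password event) use `i.biachi@customer.com` and `relay599.rdnssender.com`, which are registrable domains rather than reserved ones, unlike the `example.org` / `example.local` values on the other lines. If these values were taken from a production log they should be rewritten before merging, e.g. `administrator:"i.biachi@example.com"` and `machine:"relay599.example.net"`. The three failure samples also carry `action:"Accept"` next to `audit_status:"Failure"`, so the expected output for this fixture should pin a failure outcome derived from `audit_status` rather than from `action`. The expected-output file is not visible here, so this may already be covered. The last two `Log Out` samples keep `subject:"Administrator Login"`, which is worth asserting on as well, since a classifier keyed on `subject` would count them as logins.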