Support Center > Search Results > SecureKnowledge Details
SmartEvent NGSE
Solution

Table of Contents

  • What's New
  • Documentation
  • Sizing Table
  • Downloads
  • Known Limitations
  • Related solutions

 

Check Point R80.10 is now available.

IMPORTANT: SmartEvent NGSE features were integrated into R80 (and higher). Check Point recommends to always update your systems to the most recent software release to stay current with the latest functional improvements, stability fixes, security enhancements and protection against new and evolving attacks.

Refer to sk111313 - SmartEvent NGSE Stability and Enhancements hotfix.

 

What's New

NGSE version allows customers to enjoy the new and improved SmartEvent capabilities.

Enhanced Speed & Scale

  • Get results for filtering, searching and report-generating in seconds
  • Analyze hundreds of millions of logs per day

Smart Search

  • Free-text search, on an entire database of logs and events, with auto-suggest and favorites

Next Generation Reporting

  • Predefined graphical report templates covering most common security needs
  • Address all reporting requirements with new customizable reports

 

Next Generation SmartEvent provides customizable visibility into network activity in real time. Customizable views enable organizations to monitor activities that are most important to them. Personalized reports allow key stakeholders to be quickly informed about relevant security activities in their organization, focusing only on the data relevant to their function. Next Generation SmartEvent empowers organizations to monitor only what is important to them, saving time, and helping to easily prioritize incident response to threats.

Next Generation SmartEvent delivers big data threat detection capabilities in just seconds. Administrators can move from a high level view to detailed forensic analysis with just a simple click. Using the free-text search, along with suggestions, and recent searches, organizations can quickly analyze data and identify critical security events from the clutter. Next Generation SmartEvent enables organizations to collect, process, and search billions of logs in just seconds.

 

Documentation

 

Sizing Table

Use the SmartEvent Sizing Tool to estimate the number of events per day to be created from the logs. Based on that, compare it with values in this table to find the suitable Smart-1 appliance or equivalent Open Server. Following these guidelines will ensure great performance of SmartEvent.

  Smart-1 205 Smart-1 210 Smart-1 225 (3) Smart-1 3050 (3) Smart-1 3150 (3)
Events per day (1) 350,000 650,000 1,300,000 4,000,000 10,000,000
Log size per day (2) 3.5 GB 6.5 GB 13 GB 40 GB 100 GB
Number of users (2) 900 1,600 3,000 10,000 25,000
Hardware specifications
for equivalent Open Server
2 CPU cores
4 GB RAM
- 4 CPU cores
32 GB RAM
- 12 CPU cores
256 GB RAM
  1. Use the SmartEvent Sizing Tool to estimate the number of events per day.
  2. Refer to these numbers for rough estimation, if you cannot use the SmartEvent Sizing Tool.
  3. Assuming extended RAM is installed:
    • Smart-1 225 - 32GB
    • Smart-1 3050 - 128GB
    • Smart-1 3150 - 256GB

Notes:

  • Refer to sk80720 for advanced tuning suggestions to maximize the performance.
  • The SmartEvent Sizing Tool is not suitable for R80.
  • The above Sizing Table applies to R80 version as well (the numbers were received based on estimations and testing in the lab).

 

Downloads

Note: Refer to sk111313 - SmartEvent NGSE Stability and Enhancements hotfix.

In order to download these packages, you will need to have a Software Subscription or Active Support plan.

Images

Platform Fresh Install Upgrade from NGSE Public EA
Smart-1 205
Smart-1 210
Smart-1 225
Smart-1 3050
Smart-1 3150
  1. Choose the NGSE Default Image

  2. Install (TGZ) *

  3. Install (TGZ) *
(TGZ)
Open Server (ISO) (TGZ)
Smart-1 25
Smart-1 25B
Smart-1 50
Smart-1 150
(ISO) (TGZ)

* Required only on Smart-1 appliances that come with R77.10 / R77.20 image. Smart-1 appliances that come with the R77.30 image, already have NGSE General Availability (GA) package.

For installation instructions, refer to Check Point NGSE Release Notes and Getting Started Guide.

SmartConsole

SmartConsole Link
SmartConsole NGSE * (EXE)

Notes:

  • Use this SmartConsole. Do not download the SmartConsole from Gaia Portal of SmartEvent NGSE server. If you have an old SmartEvent NGSE GUI client installed on your computer, uninstall it before you install this one.
  • Effective 14 July 2016, SmartConsole NGSE was replaced with improved version.

 

Known Limitations

These features are not supported in this version:

  • Upgrade:
    • From SmartEvent R77.X to NGSE is not supported - a clean installation is required.
      Workaround: Import the log files from an earlier version (refer to "Importing SmartEvent Log Files" on page 9).
    • From NGSE Public EA to NGSE GA is supported - refer to "Downloads" section above.
    • From NGSE GA to R80.x is not supported.
  • Exclusion for non-correlated events.
    Workaround: Create custom queries to filter out events or change the applicable rules in SmartDashboard.
  • Exceptions for non-correlated events.
    Workaround: You can create a correlated event with the required exception in SmartEvent > Policy tab.
  • IPv6 addresses.
  • Demo mode.
  • Block Source IP address by Automatic Reaction.
  • Number of sessions in SmartEvent NGSE report when in Application & URL Filtering rule the Track is set to 'Complete Log' (refer to sk102389).
  • Filter in "Direction" field (Incoming/Outgoing) (refer to sk107289).
  • Case-insensitive search in SmartEvent NGSE (refer to sk102392).
  • Create new report from scratch (refer to sk102393).
  • Configure number of rows in report tables (refer to sk102394).
  • "Follow Up" flag in IPS events received from IPS logs (refer to sk106772).
  • Exporting / importing only one report page (refer to sk102395).
  • Saving filters for scheduled reports (refer to sk102396).
  • Domains and their objects are missing from report filters in Global SmartEvent GUI (only Global objects are shown) (refer to sk106212).
  • SmartLog is not supported on Global SmartEvent (all versions).
  • SmartLog R77 is not supported to work with SmartEvent NGSE server.

Other limitations:

  • SmartEvent NGSE must be installed on a dedicated server connected to a Security Management Server / Multi-Domain Security Management Server.
    StandAlone deployment (SmartEvent NGSE and Management Server on the same machine) is not supported.
  • User must have full administrator permissions to change customized reports.
  • This version supports only the Gaia operating system.
  • External event storage - SmartEvent events cannot be saved to external Storage. Events can only be saved locally on the SmartEvent server.
  • Custom Queries are not saved after upgrading from Public EA version to GA version.
  • SmartEvent NGSE does not send auto-reaction e-mails (refer to sk106958).
  • Cannot launch SmartDashboard from the Event Card in SmartEvent NGSE GUI (refer to sk106675).
  • Resource filter is missing in SmartEvent NGSE GUI (refer to sk108114).
  • When the "Auto Refresh Query Every 60 seconds" option is enabled, the Auto Refresh action does not occur at all in SmartEvent NGSE GUI (refer to sk108472).
  • SmartEvent NGSE shows wrong PC hostnames in DHCP environment (refer to sk106337).
  • Summary row in SmartEvent NGSE report can only show the sum of the shown values (refer to sk102397).
  • When filtering on a user from the drop-down list, information is not displayed (refer to sk106773).
  • "No events matching the current search criteria were found" error when running Custom Event Query with "Event Definition Name" filter (refer to sk108602).
  • SmartEvent NGSE GUI does not show URLs on "Event" tab (refer to sk108154).
  • "Network Activity" report is generated without any results when filtering for objects with special characters such as "-" and "+" (refer to sk108637).
  • "Performance Impact" column is blank on event list on SmartEvent NGSE GUI (refer to sk106843).
  • The minimal number of occurrences field and the period field are empty when adding an exception to event definition (refer to sk106408).
  • Specifying an Origin in the Run-Time filter for SmartEvent NGSE report results in a blank report (refer to sk106204).
  • Filter does not work when adding origin filter in event query properties (refer to sk106781).
  • User defined events are not correlated (refer to sk107276).

Notes:

 

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment