Change Tracking

Maintain control and accountability by tracking all changes to security policies and configurations across firewalls and cloud environments.

As policies evolve through routine maintenance and urgent remediation, you need clear visibility into what changed, who made the change, and how it affects enforcement. Change tracking helps you verify intended updates, detect unauthorized modifications, and speed up troubleshooting when policy changes disrupt access.

Change Tracking guides you through using SecureTrack to:

  • Compare policy revisions across devices to identify what changed and when.

  • Track rule and object history to understand how specific rules evolve over time, including indirect changes.

  • Use Change Browser and reconciliation with SecureChange tickets to distinguish authorized changes from unauthorized activity.

Why this matters
  • Ensure that every security policy and configuration change is intentional, authorized, and traceable across your environment.

  • Reduce troubleshooting time by quickly isolating the specific rule, object, or revision change that introduces access issues.

  • Maintain audit readiness by preserving an accountable change history, and when SecureChange is integrated, linking changes to approved tickets.

Who this is for
  • Change managers responsible for monitoring and auditing policy changes.

  • Firewall administrators responsible for troubleshooting issues after revisions and validating rule implementations.

  • Compliance analysts responsible for reviewing policy change reports for audits.

Key capabilities

Change Tracking leverages key features in SecureTrack to track and control changes to devices or rules, complementing policy optimization and cleanup:

Prerequisites

Step 1: Track changes by comparing revisions

After you optimize and clean up device security policies, track ongoing changes to confirm intended updates, detect unauthorized modifications, and speed up troubleshooting.

SecureTrack continually collects and stores device configurations as revisions. Each revision is a point-in-time snapshot of a device’s policy and configuration. Revisions let you see exactly what changed, when it changed, and who made the change.

Use SecureTrack's Compare Revisions to:

  • Track policy and configuration changes across time for a single device or a selected group of devices.

  • Narrow the comparison with filters so you focus on the changes that matter.

Filter revisions to focus comparison

Use built-in filters to track changes by time frame, revision number, and other criteria so you can quickly find the relevant updates.

See Filtering revisions.

Track configuration changes with full accountability

Compare any two revisions for a single device or a group of devices to review both the technical changes and the accountability details (for example, who made the change and when).

See:

Comparing revisions

Viewing revision history

Track policy changes to troubleshoot issues

Compare the current policy to an earlier, known-good revision to isolate the specific rule or object changes that cause traffic disruptions after a policy install. This helps restore service faster and improve uptime.

See Comparing policy revisions.

Step 2: Track rule changes with rule history

In addition to tracking device-level policy and configuration revisions, track changes to individual rules on supported devices, including OPM devices. Rule-level history shows how a specific rule evolves over time and helps you identify the source of unexpected behavior and detect unauthorized updates.

Use Rule Viewer's Rule History to capture:

  • Direct changes to a rule (for example, adding an object to Source or Destination).

  • Indirect changes that affect the rule (for example, adding a member to a group that the rule references).
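The direct/indirect distinction above, as an added illustration (not SecureTrack code or its data model): the sketch compares two policy snapshots and labels each changed rule. The snapshot layout, the sample rules, and the function names `expand` and `classify_rule_changes` are assumptions made for this example.

```python
# Constructed sample data: two point-in-time snapshots of one device policy.
# The dict layout is an assumption for illustration, not SecureTrack's format.
REV_OLD = {
    "groups": {"web-servers": ["10.0.1.10", "10.0.1.11"], "admins": ["10.0.9.5"]},
    "rules": {
        "r1": {"source": ["any"], "destination": ["web-servers"], "service": ["tcp/443"]},
        "r2": {"source": ["admins"], "destination": ["web-servers"], "service": ["tcp/22"]},
        "r3": {"source": ["10.0.2.0/24"], "destination": ["10.0.3.7"], "service": ["tcp/5432"]},
    },
}
REV_NEW = {
    "groups": {"web-servers": ["10.0.1.10", "10.0.1.11"], "admins": ["10.0.9.5", "10.0.9.77"]},
    "rules": {
        "r1": {"source": ["any"], "destination": ["web-servers"], "service": ["tcp/443", "tcp/80"]},
        "r2": {"source": ["admins"], "destination": ["web-servers"], "service": ["tcp/22"]},
        "r3": {"source": ["10.0.2.0/24"], "destination": ["10.0.3.7"], "service": ["tcp/5432"]},
    },
}

def expand(names, groups, seen=None):
    """Resolve object names to leaf members, following nested groups (cycle-safe)."""
    seen = set() if seen is None else seen
    leaves = set()
    for name in names:
        if name in groups and name not in seen:
            seen.add(name)
            leaves |= expand(groups[name], groups, seen)
        elif name not in groups:
            leaves.add(name)
    return leaves

def classify_rule_changes(old, new):
    """Return {rule_id: 'added' | 'removed' | 'direct' | 'indirect'} for changed rules."""
    result = {}
    for rid in sorted(old["rules"].keys() | new["rules"].keys()):
        a, b = old["rules"].get(rid), new["rules"].get(rid)
        if a is None or b is None:
            result[rid] = "added" if a is None else "removed"
        elif a != b:
            result[rid] = "direct"    # the rule's own fields were edited
        elif any(expand(a[f], old["groups"]) != expand(b[f], new["groups"]) for f in a):
            result[rid] = "indirect"  # same rule text, different effective members
    return result

if __name__ == "__main__":
    print(classify_rule_changes(REV_OLD, REV_NEW))
```

Rule `r2` is textually identical in both snapshots, so a diff of rule definitions alone would miss that it now admits an additional source address through the `admins` group.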

View rule history

  1. Open Rule Viewer, filter by device, and drill down into a specific rule.

  2. Open Rule History to see details, including user actions.

  3. Use the date and time filters to narrow the history to a specific time frame.

See Rule history.

Step 4: Track device changes with revision history

You can also track revisions and security policy changes for monitored devices through revision history. The Revision History page displays policy revisions for a selected device and provides change-tracking capabilities for the security policy.

A revision is a snapshot of a device's security and networking configuration. The page displays all configuration changes the device has undergone, and you can filter them by date and time.

View revision history for devices

  1. Open Device Viewer, and drill down into the device you want to investigate.

  2. Open Revision History.

  3. Use the date and time filters to narrow the list to the relevant change window.

See Revision history.

Step 5: Track authorized and unauthorized changes

View a unified list of changes to distinguish authorized activity from unauthorized modifications. In addition to tracking changes through device and rule history, this helps you validate change control and prioritize what to investigate.

Use SecureTrack's Change Browser to:

  • Filter by device to focus on the changes you need to review.

  • Reconcile each change to confirm whether it is authorized:

    • If SecureChange integration is enabled, SecureTrack automatically reconciles changes with the associated change tickets. You can quickly confirm which revisions result from approved requests.

    • If SecureChange is not integrated, manually update the reconciliation status for each change entry.

See Change Browser.

Step 6: Generate SecureTrack change tracking reports

SecureTrack includes predefined reports that document changes to devices and policies. Use these reports to review and analyze changes offline.

Use SecureTrack's General Reports to generate change tracking reports.

Predefined change tracking reports

SecureTrack includes the following reports for change tracking data:

  • New Revision

    Track new revisions collected for devices.

  • Advanced Change

    Track policy changes within a selected time frame.

  • Firewall Module Change

    Track detailed rule/module-level changes for Check Point firewalls.

  • Rule Change

    Track how individual firewall rules change over time. You can also configure this report to trigger when a change is detected.

  • Object Change

    Track how network and service objects change over time. You can also configure this report to trigger when a change is detected.

See:

Configuring SecureTrack reports

How reports work

Step 7: Generate STRE Rule and Object Changes report

To investigate rule changes based on the objects they reference, generate the STRE Rule and Object Usage report.

Use SecureTrack's Reporting Essentials to generate the report.

Generate STRE Rule and Object Changes report

  1. Go to SecureTrack > Reports > Reporting Essentials.

  2. Select Rule and Object Changes, and then configure as needed.

See:

Rule and Object Usage report

Creating/Generating a Rule and Object Usage Report