
Threat Prevention Cyber-attacks dashboard

Blog Post created by Oren Koren on Apr 4, 2018

****************************************************************update****************************************************************

Hey,

A few months ago, we started to work on the new dashboard for Threat Prevention investigation methods.

I am happy to announce that we formally released the version for R80.10 under the following SK - sk134634

You are welcome to look at the related post for this release.

****************************************************************update****************************************************************


Hey all,

We are considering adding new dashboards to Smart View, and would love your input.

One of them is the ‘Threat Prevention Cyber-attacks dashboard’, divided into business questions:

  • Malicious files
    • User received malicious files via mail
    • User downloaded malicious files from web
  • Hosts exploit attempts
  • Hosts scanning
  • Users surfed to malicious web-sites
  • Infected hosts

For each question we created a drill-down dashboard (double-clicking the number or the text takes you down to the next dashboard).

Double-clicking again on an IOC (Indicator of Compromise) shows you the logs of the attack related to that IOC. The dashboard is divided into prevent and detect sections.
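As an added illustration (not Check Point's own code and not part of the original post), the following Python sketches the drill-down logic described above: each log is mapped to one business question, counted under prevent or detect, and grouped by the IOC that the second double-click would select. The field names and sample records are constructed assumptions modelled on Check Point log fields.

```python
from collections import Counter, defaultdict

# Constructed sample logs. Field names (product, action, service, file_md5,
# protection_type, resource, src) are assumptions modelled on Check Point
# log fields, not taken from the dashboard itself.
SAMPLE_LOGS = [
    {"product": "Threat Emulation", "action": "Prevent", "service": "smtp",
     "src": "10.0.0.5", "file_md5": "md5-sample-A"},
    {"product": "Anti-Virus", "action": "Detect", "service": "http",
     "src": "10.0.0.7", "file_md5": "md5-sample-B"},
    {"product": "IPS", "action": "Prevent", "protection_type": "exploit",
     "src": "198.51.100.9", "dst": "10.0.0.7"},
    {"product": "IPS", "action": "Detect", "protection_type": "scan",
     "src": "198.51.100.9", "dst": "10.0.0.8"},
    {"product": "Anti-Virus", "action": "Prevent", "src": "10.0.0.7",
     "resource": "http://malicious.example/landing"},
    {"product": "Anti-Bot", "action": "Detect", "src": "10.0.0.7"},
    {"product": "Anti-Bot", "action": "Detect", "src": "10.0.0.7"},
]

def business_question(log):
    """Map one log to the dashboard question it answers (None if out of scope)."""
    product = log.get("product")
    if product in ("Anti-Virus", "Threat Emulation") and "file_md5" in log:
        # Mail vs. web vector is decided by the protocol the file arrived over.
        if log.get("service") == "smtp":
            return "User received malicious files via mail"
        return "User downloaded malicious files from web"
    if product == "Anti-Virus" and "resource" in log:
        return "Users surfed to malicious web-sites"
    if product == "IPS":
        scan = log.get("protection_type") == "scan"
        return "Hosts scanning" if scan else "Hosts exploit attempts"
    if product == "Anti-Bot":
        return "Infected hosts"
    return None

def ioc_of(log):
    """The IOC a second double-click would select: file hash, URL or host."""
    if "file_md5" in log:
        return log["file_md5"]
    if "resource" in log:
        return log["resource"]
    return log["src"]  # infected host, or the scanning/exploiting source

def build_dashboard(logs):
    """Top level: prevent/detect counts per question. Drill-down: logs per IOC."""
    top = defaultdict(Counter)
    drill = defaultdict(lambda: defaultdict(list))
    for log in logs:
        question = business_question(log)
        if question is None:
            continue  # other blades are not covered by this dashboard
        top[question][log["action"]] += 1
        drill[question][ioc_of(log)].append(log)
    return top, drill
```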

 

Examples:

Mail View

 

Mail Vector View

 

Hosts Exploit View

 

FAQ

How can I upload the dashboard into my environment?

  • Download the attached file
  • Extract the archive
  • Click ‘Logs and Monitor’ -> open a new tab by clicking -> click Views -> Actions -> Import Template
  • Import all the files (they are connected to each other in the dashboard)
  • Click on the view ‘Cyber Attack View - Beta’ and start to investigate

 

If I find a malfunction/have a suggestion for one of the views, what should I do?

  • You can edit the queries or delete widgets that are not relevant for your network.
  • Send me a direct mail: orenkor@checkpoint.com with the malfunction/suggestion so we will be able to fix it (please add your SE/Account to the mail, plus a screenshot for better understanding)
  • Comment in this thread

 

Can I copy some of the widgets into my own dashboard?

Of course – right-click the title of the widget and copy it.

 

For which versions does this dashboard work?

This dashboard was created for R80.10 and above.

 

For which blades is this dashboard relevant?

Anti-Bot, Anti-Virus, IPS, Threat Emulation

 

Thanks,

Oren
