https://community.checkpoint.com/t5/SmartConsole-Extensions/MITRE-ATT-amp-CK-Extension/m-p/118306#M192 <P>Hey Mike,</P> <P>it is not working for now on the raw logs of the agent.</P> <P>we are extracting all the MITRE content from our agent to the Forensics but in the agent side we are mainly focused on the threat hunting and full MITRE coverage in the cloud deployment.</P> Thu, 13 May 2021 06:56:02 GMT Oren_Koren 2021-05-13T06:56:02Z https://community.checkpoint.com/t5/SmartConsole-Extensions/MITRE-ATT-amp-CK-Extension/m-p/118273#M190 <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="MITRE-ATTACK-CheckMates.jpg" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/11676i8CDBCCFEC9787D54/image-size/large?v=v2&amp;px=999" role="button" title="MITRE-ATTACK-CheckMates.jpg" alt="MITRE-ATTACK-CheckMates.jpg" /></span></P> <P>in today world of emerging threat, MITRE ATT&amp;CK allows us to understand better the attacker intent and take actions upon the threats that has been detected.</P> <P>&nbsp;</P> <P>the MITRE ATT&amp;CK extension to SmartConsole (R80.30 version and above) expose the attackers intent by analyzing automatically your logs and use them to expose your own ATT&amp;CK landscape and the Mitigations you need to take.</P> <UL> <LI>The extension is focus on analyzing IPS &amp; AB logs and have a dependency on SmartEvent that needed to be enabled.</LI> <LI>The report capability is available from R81.10 and will be ported to older versions after R81.10 GA release.</LI> </UL> <P>The community version can be downloaded from this link:</P> <P style="margin: 0in; font-family: Calibri; font-size: 11.0pt;"><A href="https://secureupdates.checkpoint.com/appi/mitre/mitre_network/extension.json" target="_blank">https://secureupdates.checkpoint.com/appi/mitre/mitre_network/extension.json</A></P> <P style="margin: 0in; font-family: Calibri; font-size: 11.0pt;">&nbsp;</P> <P style="margin: 0in; font-family: Calibri; font-size: 11.0pt;">if you have any questions, inputs, challenges&nbsp; - please update us or send a direct email to orenkor@checkpoint.com</P> Wed, 12 May 2021 16:15:06 GMT https://community.checkpoint.com/t5/SmartConsole-Extensions/MITRE-ATT-amp-CK-Extension/m-p/118273#M190 Oren_Koren 2021-05-12T16:15:06Z https://community.checkpoint.com/t5/SmartConsole-Extensions/MITRE-ATT-amp-CK-Extension/m-p/118292#M191 <P>Thanks Oren!&nbsp;</P><P>This also can work for Sandblast Agent?? I know we can see a special view under Threat Hunting but we are unable to generate a report based on Threat Hunting querys</P> Wed, 12 May 2021 21:09:05 GMT https://community.checkpoint.com/t5/SmartConsole-Extensions/MITRE-ATT-amp-CK-Extension/m-p/118292#M191 MikeB 2021-05-12T21:09:05Z https://community.checkpoint.com/t5/SmartConsole-Extensions/MITRE-ATT-amp-CK-Extension/m-p/118306#M192 <P>Hey Mike,</P> <P>it is not working for now on the raw logs of the agent.</P> <P>we are extracting all the MITRE content from our agent to the Forensics but in the agent side we are mainly focused on the threat hunting and full MITRE coverage in the cloud deployment.</P> Thu, 13 May 2021 06:56:02 GMT https://community.checkpoint.com/t5/SmartConsole-Extensions/MITRE-ATT-amp-CK-Extension/m-p/118306#M192 Oren_Koren 2021-05-13T06:56:02Z https://community.checkpoint.com/t5/SmartConsole-Extensions/MITRE-ATT-amp-CK-Extension/m-p/118505#M193 <P>Why is it not possible to use this extension without approving CP to use metadata and application usage?</P><P>Internal policies disallow me to use such applications&nbsp;<span class="lia-unicode-emoji" title=":face_with_rolling_eyes:">🙄</span></P> Mon, 17 May 2021 09:49:32 GMT https://community.checkpoint.com/t5/SmartConsole-Extensions/MITRE-ATT-amp-CK-Extension/m-p/118505#M193 Daniel_ 2021-05-17T09:49:32Z https://community.checkpoint.com/t5/SmartConsole-Extensions/MITRE-ATT-amp-CK-Extension/m-p/118768#M194 <P>Hey,</P> <P>the extension is complementary to our customers.</P> <P>we have just released it and the main goal is to understand if there are errors and what is the customer flow of usage to improve it.</P> <P>we do not collect any info on the network of the customer, just the usage (where he clicked and what are the errors) - thats how we can improve a web application that is a complementary and without any payment for.</P> Wed, 19 May 2021 08:24:50 GMT https://community.checkpoint.com/t5/SmartConsole-Extensions/MITRE-ATT-amp-CK-Extension/m-p/118768#M194 Oren_Koren 2021-05-19T08:24:50Z https://community.checkpoint.com/t5/SmartConsole-Extensions/MITRE-ATT-amp-CK-Extension/m-p/120274#M195 <P>Hi Oren,</P><P>I'm trying to run extension and I have just error "Sorry, there was a problem loading the page...".</P><P>Any idea to solve ?</P> Thu, 03 Jun 2021 09:42:19 GMT https://community.checkpoint.com/t5/SmartConsole-Extensions/MITRE-ATT-amp-CK-Extension/m-p/120274#M195 Peter_Roth 2021-06-03T09:42:19Z https://community.checkpoint.com/t5/SmartConsole-Extensions/MITRE-ATT-amp-CK-Extension/m-p/145363#M229 <P>Das it work with MDM?</P> Mon, 04 Apr 2022 12:33:16 GMT https://community.checkpoint.com/t5/SmartConsole-Extensions/MITRE-ATT-amp-CK-Extension/m-p/145363#M229 mkuehn 2022-04-04T12:33:16Z