https://community.checkpoint.com/t5/Firewall-and-Security-Management/Unveiling-the-Power-of-Compliance-Blade-Video-Slides-and-Q-amp-A/m-p/211647#M65494 <P>Slides are below the Q&amp;A, which is below the session video.</P> <P><div class="lia-vid-container video-embed-center"><div id="lia-vid-6351119087112w960h540r613" class="lia-video-brightcove-player-container"><video-js data-video-id="6351119087112" data-account="6058022097001" data-player="default" data-embed="default" class="vjs-fluid" controls="" data-application-id="" style="width: 100%; height: 100%;"></video-js></div><script src="https://players.brightcove.net/6058022097001/default_default/index.min.js"></script><script>(function() { var wrapper = document.getElementById('lia-vid-6351119087112w960h540r613'); var videoEl = wrapper ? wrapper.querySelector('video-js') : null; if (videoEl) { if (window.videojs) { window.videojs(videoEl).ready(function() { this.on('loadedmetadata', function() { this.el().querySelectorAll('.vjs-load-progress div[data-start]').forEach(function(bar) { bar.setAttribute('role', 'presentation'); bar.setAttribute('aria-hidden', 'true'); }); }); }); } }})();</script><a class="video-embed-link" href="https://community.checkpoint.com/t5/video/gallerypage/video-id/6351119087112">(view in My Videos)</a></div></P> <H3>Where are new Compliance Frameworks made available?</H3> <P>In the CheckMates Toolbox in the <A href="https://community.checkpoint.com/t5/Compliance/bd-p/Compliance" target="_self">Compliance</A> section.</P> <H3>Are Inline Layers supported?</H3> <P>Not presently and won't be supported in R82 either. This is in the roadmap.</P> <H3>How about checking if a host object complies with a requirement for a specific network object? Or usage of Zone objects?</H3> <P>We are working on a Policy Advisor that will be included with the Compliance Blade, target release is end of 2024.</P> <H3>How does this relate to Endpoint Compliance or CSPM? Will these be integrated for a "single pane of glass" view?</H3> <P>These offerings are currently separate as they are focused on their specific product(s). The roadmap to merge/unify these offerings has not been finalized. If you have specific requirements in this area, it is best to discuss them with your local Check Point office.</P> <H3>Will you incorporate a way for listing risky rules in a single policy / gateway rather than showing risks by rule on one or multiple gateways/policies? i.e. the viewpoint should be policy-focused on all risks rather than one risk all policies.</H3> <P>Not currently in the roadmap. Recommend discussing this requirement in the context of an RFE with your local Check Point office.</P> <H3>What about Quantum Spark appliances?</H3> <P>R82 will add support for compliance checking on centrally-managed Quantum Spark appliances (with Smart-1). Locally managed Quantum Spark appliances are not supported.</P> <H3>Will Compliance Blade work with the AI assistant that provides us suggestions?</H3> <P>Policy Advisor will be AI-enabled.</P> <H3>Is it possible to create our won best practice and use it at the same time as the "pre defined"/"standard" best practices?</H3> <P>Yes. You can create your one best practive for FW and GAiA. you can also create your own framework using CP Best Practices and the custom best practice that you create.&nbsp;</P> <H3>I cannot see any API references to the Compliance Blade. Can any of the functions be utilized via API today?</H3> <P>Not at present.</P> <H3>Can we make Compliance blade merge the results from hcp and PRO support (both run their own best practice checks)? To have all results in one place? Maybe infinity portal?</H3> <P>Not at present, but we will investigate this.</P> <H3>Can we run BP for all members in a Maestro security group? Or are we limited to the SMO?</H3> <P>Yes absolutely. Compliance will check each Member.</P> <H3>When having both Compliance and SmartEvent enabled on a Management server, is it recommended to e.g. offload the logging to a dedicated server to reduce the pressure on the management server?</H3> <P>Depends on the size of the environment being managed and number of logs ingested. Your Check Point SE should be able to help you size the environment accordingkly.</P> <H3>Is it possible to ignore a best practice to only a security gateway cluster or rule?</H3> <P>Yes absolutely.</P> Wed, 17 Apr 2024 20:02:49 GMT PhoneBoy 2024-04-17T20:02:49Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Unveiling-the-Power-of-Compliance-Blade-Video-Slides-and-Q-amp-A/m-p/211647#M65494 <P>Slides are below the Q&amp;A, which is below the session video.</P> <P><div class="lia-vid-container video-embed-center"><div id="lia-vid-6351119087112w960h540r952" class="lia-video-brightcove-player-container"><video-js data-video-id="6351119087112" data-account="6058022097001" data-player="default" data-embed="default" class="vjs-fluid" controls="" data-application-id="" style="width: 100%; height: 100%;"></video-js></div><script src="https://players.brightcove.net/6058022097001/default_default/index.min.js"></script><script>(function() { var wrapper = document.getElementById('lia-vid-6351119087112w960h540r952'); var videoEl = wrapper ? wrapper.querySelector('video-js') : null; if (videoEl) { if (window.videojs) { window.videojs(videoEl).ready(function() { this.on('loadedmetadata', function() { this.el().querySelectorAll('.vjs-load-progress div[data-start]').forEach(function(bar) { bar.setAttribute('role', 'presentation'); bar.setAttribute('aria-hidden', 'true'); }); }); }); } }})();</script><a class="video-embed-link" href="https://community.checkpoint.com/t5/video/gallerypage/video-id/6351119087112">(view in My Videos)</a></div></P> <H3>Where are new Compliance Frameworks made available?</H3> <P>In the CheckMates Toolbox in the <A href="https://community.checkpoint.com/t5/Compliance/bd-p/Compliance" target="_self">Compliance</A> section.</P> <H3>Are Inline Layers supported?</H3> <P>Not presently and won't be supported in R82 either. This is in the roadmap.</P> <H3>How about checking if a host object complies with a requirement for a specific network object? Or usage of Zone objects?</H3> <P>We are working on a Policy Advisor that will be included with the Compliance Blade, target release is end of 2024.</P> <H3>How does this relate to Endpoint Compliance or CSPM? Will these be integrated for a "single pane of glass" view?</H3> <P>These offerings are currently separate as they are focused on their specific product(s). The roadmap to merge/unify these offerings has not been finalized. If you have specific requirements in this area, it is best to discuss them with your local Check Point office.</P> <H3>Will you incorporate a way for listing risky rules in a single policy / gateway rather than showing risks by rule on one or multiple gateways/policies? i.e. the viewpoint should be policy-focused on all risks rather than one risk all policies.</H3> <P>Not currently in the roadmap. Recommend discussing this requirement in the context of an RFE with your local Check Point office.</P> <H3>What about Quantum Spark appliances?</H3> <P>R82 will add support for compliance checking on centrally-managed Quantum Spark appliances (with Smart-1). Locally managed Quantum Spark appliances are not supported.</P> <H3>Will Compliance Blade work with the AI assistant that provides us suggestions?</H3> <P>Policy Advisor will be AI-enabled.</P> <H3>Is it possible to create our won best practice and use it at the same time as the "pre defined"/"standard" best practices?</H3> <P>Yes. You can create your one best practive for FW and GAiA. you can also create your own framework using CP Best Practices and the custom best practice that you create.&nbsp;</P> <H3>I cannot see any API references to the Compliance Blade. Can any of the functions be utilized via API today?</H3> <P>Not at present.</P> <H3>Can we make Compliance blade merge the results from hcp and PRO support (both run their own best practice checks)? To have all results in one place? Maybe infinity portal?</H3> <P>Not at present, but we will investigate this.</P> <H3>Can we run BP for all members in a Maestro security group? Or are we limited to the SMO?</H3> <P>Yes absolutely. Compliance will check each Member.</P> <H3>When having both Compliance and SmartEvent enabled on a Management server, is it recommended to e.g. offload the logging to a dedicated server to reduce the pressure on the management server?</H3> <P>Depends on the size of the environment being managed and number of logs ingested. Your Check Point SE should be able to help you size the environment accordingkly.</P> <H3>Is it possible to ignore a best practice to only a security gateway cluster or rule?</H3> <P>Yes absolutely.</P> Wed, 17 Apr 2024 20:02:49 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Unveiling-the-Power-of-Compliance-Blade-Video-Slides-and-Q-amp-A/m-p/211647#M65494 PhoneBoy 2024-04-17T20:02:49Z