https://community.checkpoint.com/t5/Firewall-and-Security-Management/Check-Point-Active-Response-Add-on-for-Splunk/m-p/95534#M92877 <P>Hi, any updates on the documentation and configuration steps?</P> <P>What feedback from users/customers?</P> Fri, 28 Aug 2020 17:06:15 GMT ToRo 2020-08-28T17:06:15Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Check-Point-Active-Response-Add-on-for-Splunk/m-p/22253#M92875 <HTML><HEAD></HEAD><BODY><P>We are happy to announce the Check Point Active Response Add-on is now available on Splunkbase:&nbsp;<A class="link-titled" href="https://splunkbase.splunk.com/app/4115/" title="https://splunkbase.splunk.com/app/4115/">Check Point Adaptive Response Add-on | Splunkbase</A>&nbsp;</P><P></P><P>This initiative was created to help SOCs (Security Operations Centers) create and deliver a consolidated threat response across all products. This new AR Add-on will allow our joint customers to extract malicious IOCs from the Splunk environment and push them to Check Point gateways for enforcement:</P><P>&nbsp;</P><UL><LI>Fetch IOC values =&gt; user can write search queries to automatically fetch IOCs or manually input IOCs from Splunk ES Incident Review Dashboard</LI><LI>Create a csv file with IOC values/types/metadata</LI><LI>Push csv file to Check Point gateway for policy enforcement&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</LI></UL><P></P><P>The Check Point Gateway side of this is based on the Custom Intelligence Feeds" feature, currently in Early Availability for R80.10 Gateways.</P><P>For more information and to join the EA, refer to:&nbsp;<A class="link-titled" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk132193" title="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk132193">What is "Custom Intelligence Feeds" feature?</A>&nbsp;</P></BODY></HTML> Mon, 27 Aug 2018 17:13:49 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Check-Point-Active-Response-Add-on-for-Splunk/m-p/22253#M92875 PhoneBoy 2018-08-27T17:13:49Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Check-Point-Active-Response-Add-on-for-Splunk/m-p/22254#M92876 <HTML><HEAD></HEAD><BODY><P>ICYMI, we have documented this in&nbsp;<A class="link-titled" href="https://sc1.checkpoint.com/documents/AdaptiveResponsive_Splunk/html_frameset.htm" title="https://sc1.checkpoint.com/documents/AdaptiveResponsive_Splunk/html_frameset.htm">Check Point Adaptive Response Add-on for Splunk v1.0 User Guide</A>.&nbsp;&nbsp;</P></BODY></HTML> Tue, 20 Nov 2018 19:25:34 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Check-Point-Active-Response-Add-on-for-Splunk/m-p/22254#M92876 DeletedUser 2018-11-20T19:25:34Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Check-Point-Active-Response-Add-on-for-Splunk/m-p/95534#M92877 <P>Hi, any updates on the documentation and configuration steps?</P> <P>What feedback from users/customers?</P> Fri, 28 Aug 2020 17:06:15 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Check-Point-Active-Response-Add-on-for-Splunk/m-p/95534#M92877 ToRo 2020-08-28T17:06:15Z