https://community.checkpoint.com/t5/Endpoint/Severity-and-Confidence-Levels-for-Security-Incidents/m-p/106355#M3048 <P>how severity and confidence levels are assigned to protections across all Sandblast Agent blades?? (AV / TE / Anti-Exploit / Behavioral Guard /&nbsp; Anti Ransomware / Port Protection / Firewall / App Control / Compliance).</P><P>I found some information in <SPAN>sk116254 but just regarding Network IPS /AV/AB.</SPAN></P><P>&nbsp;</P> Thu, 24 Dec 2020 15:33:34 GMT MikeB 2020-12-24T15:33:34Z https://community.checkpoint.com/t5/Endpoint/Severity-and-Confidence-Levels-for-Security-Incidents/m-p/106355#M3048 <P>how severity and confidence levels are assigned to protections across all Sandblast Agent blades?? (AV / TE / Anti-Exploit / Behavioral Guard /&nbsp; Anti Ransomware / Port Protection / Firewall / App Control / Compliance).</P><P>I found some information in <SPAN>sk116254 but just regarding Network IPS /AV/AB.</SPAN></P><P>&nbsp;</P> Thu, 24 Dec 2020 15:33:34 GMT https://community.checkpoint.com/t5/Endpoint/Severity-and-Confidence-Levels-for-Security-Incidents/m-p/106355#M3048 MikeB 2020-12-24T15:33:34Z https://community.checkpoint.com/t5/Endpoint/Severity-and-Confidence-Levels-for-Security-Incidents/m-p/106367#M3049 <P>We use similar criteria for all blades.<BR />Firewall doesn’t use confidence/severity at all, neither does Port Protection.<BR />App Control includes undesirable properties as part of the rating (e.g. file sharing, anonymizers, cloud-based password managers) which aren’t necessarily malicious.&nbsp;</P> Thu, 24 Dec 2020 18:59:08 GMT https://community.checkpoint.com/t5/Endpoint/Severity-and-Confidence-Levels-for-Security-Incidents/m-p/106367#M3049 PhoneBoy 2020-12-24T18:59:08Z https://community.checkpoint.com/t5/Endpoint/Severity-and-Confidence-Levels-for-Security-Incidents/m-p/106372#M3050 <P>Thanks PhoneBoy.</P><P>Is there any SK for SBA with this official info available?? One of our SBA customers want to know details about the criteria used for incident classification that apperars in Forensic reports.&nbsp;</P><P>This is very important for them as they can plan their response to incidents.</P> Thu, 24 Dec 2020 19:38:37 GMT https://community.checkpoint.com/t5/Endpoint/Severity-and-Confidence-Levels-for-Security-Incidents/m-p/106372#M3050 MikeB 2020-12-24T19:38:37Z https://community.checkpoint.com/t5/Endpoint/Severity-and-Confidence-Levels-for-Security-Incidents/m-p/106374#M3051 <P>Maybe&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/9148">@Lior_Arzi</a>&nbsp;or someone on his team can clarify this.<BR />Meanwhile if you have concerns about how a specific incident is rated, I recommend a TAC case.</P> Thu, 24 Dec 2020 21:27:13 GMT https://community.checkpoint.com/t5/Endpoint/Severity-and-Confidence-Levels-for-Security-Incidents/m-p/106374#M3051 PhoneBoy 2020-12-24T21:27:13Z https://community.checkpoint.com/t5/Endpoint/Severity-and-Confidence-Levels-for-Security-Incidents/m-p/107217#M3842 <P>Hello,</P><P>Does someone from Check Point has more information about how&nbsp;<SPAN>severity and confidence levels are assigned in SBA blades? It is a requirement from some customers to have this information.</SPAN></P><P>&nbsp;</P> Thu, 07 Jan 2021 13:44:03 GMT https://community.checkpoint.com/t5/Endpoint/Severity-and-Confidence-Levels-for-Security-Incidents/m-p/107217#M3842 RS_Daniel 2021-01-07T13:44:03Z https://community.checkpoint.com/t5/Endpoint/Severity-and-Confidence-Levels-for-Security-Incidents/m-p/107235#M3843 <P>Like I previously said, it's similar to what's in&nbsp;<SPAN>sk116254.<BR /><a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/9148">@Lior_Arzi</a>&nbsp;do we have anything more specific to SBA?<BR /></SPAN></P> Thu, 07 Jan 2021 16:52:28 GMT https://community.checkpoint.com/t5/Endpoint/Severity-and-Confidence-Levels-for-Security-Incidents/m-p/107235#M3843 PhoneBoy 2021-01-07T16:52:28Z https://community.checkpoint.com/t5/Endpoint/Severity-and-Confidence-Levels-for-Security-Incidents/m-p/107363#M3854 <P>For SBA blades, we don't have a dedicated documentation besides the information in SK116254. That SK, as mentioned above, provides&nbsp;the general guidlines and SBA complies with these guildlines.&nbsp;</P> <P>pls contact me directly if you need some specific information in that matter.&nbsp;</P> <P>&nbsp;</P> <P>10x</P> Sat, 09 Jan 2021 15:49:50 GMT https://community.checkpoint.com/t5/Endpoint/Severity-and-Confidence-Levels-for-Security-Incidents/m-p/107363#M3854 Guy_Avnet 2021-01-09T15:49:50Z https://community.checkpoint.com/t5/Endpoint/Severity-and-Confidence-Levels-for-Security-Incidents/m-p/107619#M3863 <P>Hi&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/9013">@Guy_Avnet</a>&nbsp;, I just send you a private message. Hope you can help us</P> Tue, 12 Jan 2021 15:16:58 GMT https://community.checkpoint.com/t5/Endpoint/Severity-and-Confidence-Levels-for-Security-Incidents/m-p/107619#M3863 MikeB 2021-01-12T15:16:58Z https://community.checkpoint.com/t5/Endpoint/Severity-and-Confidence-Levels-for-Security-Incidents/m-p/124471#M4543 <P>I had sk116254 updated so it now lists Harmony Endpoint as one of the products it applies to.<BR />Hopefully that will help those who are looking for “official” documentation.</P> Tue, 20 Jul 2021 16:06:07 GMT https://community.checkpoint.com/t5/Endpoint/Severity-and-Confidence-Levels-for-Security-Incidents/m-p/124471#M4543 PhoneBoy 2021-07-20T16:06:07Z