topic Re: process monitoring can be possible in Checkpoint Endpoint in Endpoint

process monitoring can be possible in Checkpoint Endpoint

ritenm — Thu, 23 Apr 2020 08:21:26 GMT

I need to know if process monitoring can be possible in Checkpoint Endpoint
needs to know if mstsc.exe needs to be watched or poweshell.exe or wmic.exe is executed So that I can build queries ..for DLL Side-loading.

Re: process monitoring can be possible in Checkpoint Endpoint

PhoneBoy — Sun, 26 Apr 2020 01:33:22 GMT

Application Control on Endpoint can restrict what binaries can run.
SandBlast Agent and some of the other endpoint controls can track and block malicious activities by any process.
Forensics will even tell you what process did what.

So what is it you exactly are looking to do?

Re: process monitoring can be possible in Checkpoint Endpoint

Yoni_Nave — Tue, 28 Apr 2020 09:18:44 GMT

Checkpoint now offers a beta version of threat hunt as part of Infinity portal.

Using threat hunt you can easily create complex queries based on raw enriched data collected from the endpoints.

Data collected includes process, connections, files, registry events and more.

It is possible to join the beta program by logging to the Infinity portal (https://portal.checkpoint.com/signin) and apply a request to be added to the threat hunt beta program.