topic Sending Harmony Endpoint EDR Detections to a SIEM in Endpoint https://community.checkpoint.com/t5/Endpoint/Sending-Harmony-Endpoint-EDR-Detections-to-a-SIEM/m-p/163924#M6261 <P>I've written a Python module for querying Harmony Endpoint detections ('Active Attacks'). The code is here, within a Splunk add-on for ingesting those alerts into Splunk.</P><P><A href="https://github.com/gf13579/ta_for_cpharmony" target="_blank" rel="noopener">gf13579/ta_for_cpharmony (github.com)</A></P><P>Note that the module can be used independently of Splunk - just grab&nbsp;cpharmonylib.py and&nbsp;cpharmony_consts.py.</P><P>Also note that this code isn't using the Harmony Connect API (<A href="https://app.swaggerhub.com/apis-docs/Check-Point/harmony-connect-api" target="_blank" rel="noopener">Build, Collaborate &amp; Integrate APIs | SwaggerHub</A>) as that doesn't appear to support querying endpoint detections (yet). The module I've written is leveraging the APIs used by the Infinity Portal itself.</P><P>This blog post explains how it works in more detail:&nbsp;<A href="https://spinningplates.net/posts/borrowing-apis-from-single-page-apps/" target="_blank" rel="noopener">Connecting the Unconnectable; Borrowing APIs from Single Page Applications | spinning plates</A>.</P> Fri, 02 Dec 2022 04:55:34 GMT cp65536 2022-12-02T04:55:34Z Sending Harmony Endpoint EDR Detections to a SIEM https://community.checkpoint.com/t5/Endpoint/Sending-Harmony-Endpoint-EDR-Detections-to-a-SIEM/m-p/163924#M6261 <P>I've written a Python module for querying Harmony Endpoint detections ('Active Attacks'). The code is here, within a Splunk add-on for ingesting those alerts into Splunk.</P><P><A href="https://github.com/gf13579/ta_for_cpharmony" target="_blank" rel="noopener">gf13579/ta_for_cpharmony (github.com)</A></P><P>Note that the module can be used independently of Splunk - just grab&nbsp;cpharmonylib.py and&nbsp;cpharmony_consts.py.</P><P>Also note that this code isn't using the Harmony Connect API (<A href="https://app.swaggerhub.com/apis-docs/Check-Point/harmony-connect-api" target="_blank" rel="noopener">Build, Collaborate &amp; Integrate APIs | SwaggerHub</A>) as that doesn't appear to support querying endpoint detections (yet). The module I've written is leveraging the APIs used by the Infinity Portal itself.</P><P>This blog post explains how it works in more detail:&nbsp;<A href="https://spinningplates.net/posts/borrowing-apis-from-single-page-apps/" target="_blank" rel="noopener">Connecting the Unconnectable; Borrowing APIs from Single Page Applications | spinning plates</A>.</P> Fri, 02 Dec 2022 04:55:34 GMT https://community.checkpoint.com/t5/Endpoint/Sending-Harmony-Endpoint-EDR-Detections-to-a-SIEM/m-p/163924#M6261 cp65536 2022-12-02T04:55:34Z