https://community.checkpoint.com/t5/Endpoint/Harmony-Endpoint-Telemetry-Tracking-for-Windows/m-p/205622#M8209 <P>I'm fairly certain sharing a link to this would not violate any community rules.<BR />Having said that, if you're concerned about that, please provide the link to me in a PM.</P> <P>In any case, this reads like something that would appear in an RFI/RFP.<BR />For these sorts of questions, best to engage with your local Check Point office.</P> Fri, 09 Feb 2024 21:15:57 GMT PhoneBoy 2024-02-09T21:15:57Z https://community.checkpoint.com/t5/Endpoint/Harmony-Endpoint-Telemetry-Tracking-for-Windows/m-p/204886#M8141 <P>Hello,</P><P>Is it possible to have the list of items monitored by Harmony Endpoint?</P><P>I have a list of items below, for each item, I would like to know if it is:</P><TABLE border="1" width="500" cellspacing="0" cellpadding="0"><COLGROUP><COL width="176" /></COLGROUP><TBODY><TR><TD width="499px" height="25px">Implemented</TD></TR><TR><TD width="499px" height="25px">Not Implemented</TD></TR><TR><TD width="499px" height="25px">Partially Implemented</TD></TR><TR><TD width="499px" height="25px">Via Windows EventLogs (EDR is inspecting windows event logs to collect the telemetry)</TD></TR><TR><TD width="499px" height="47px">Via EnablingTelemetry (Additional telemetry that can be enabled easily as part of the Harmony Endpoint solution but is not ON by default.)</TD></TR></TBODY></TABLE><P>&nbsp;</P><P>Item list:</P><TABLE><TBODY><TR><TD>Telemetry Feature Category</TD><TD>Sub-Category</TD></TR><TR><TD>Process Activity</TD><TD>Process Creation</TD></TR><TR><TD>&nbsp;</TD><TD>Process Termination</TD></TR><TR><TD>&nbsp;</TD><TD>Process Access</TD></TR><TR><TD>&nbsp;</TD><TD>Image/Library Loaded</TD></TR><TR><TD>&nbsp;</TD><TD>Remote Thread Creation</TD></TR><TR><TD>&nbsp;</TD><TD>Process Tampering Activity</TD></TR><TR><TD>File Manipulation</TD><TD>File Creation</TD></TR><TR><TD>&nbsp;</TD><TD>File Opened</TD></TR><TR><TD>&nbsp;</TD><TD>File Deletion</TD></TR><TR><TD>&nbsp;</TD><TD>File Modification</TD></TR><TR><TD>&nbsp;</TD><TD>File Renaming</TD></TR><TR><TD>User Account Activity</TD><TD>Local Account Creation</TD></TR><TR><TD>&nbsp;</TD><TD>Local Account Modification</TD></TR><TR><TD>&nbsp;</TD><TD>Local Account Deletion</TD></TR><TR><TD>&nbsp;</TD><TD>Account Login</TD></TR><TR><TD>&nbsp;</TD><TD>Account Logoff</TD></TR><TR><TD>Network Activity</TD><TD>TCP Connection</TD></TR><TR><TD>&nbsp;</TD><TD>UDP Connection</TD></TR><TR><TD>&nbsp;</TD><TD>URL</TD></TR><TR><TD>&nbsp;</TD><TD>DNS Query</TD></TR><TR><TD>&nbsp;</TD><TD>File Downloaded</TD></TR><TR><TD>Hash Algorithms</TD><TD>MD5</TD></TR><TR><TD>&nbsp;</TD><TD>SHA</TD></TR><TR><TD>&nbsp;</TD><TD>IMPHASH</TD></TR><TR><TD>Registry Activity</TD><TD>Key/Value Creation</TD></TR><TR><TD>&nbsp;</TD><TD>Key/Value Modification</TD></TR><TR><TD>&nbsp;</TD><TD>Key/Value Deletion</TD></TR><TR><TD>Schedule Task Activity</TD><TD>Scheduled Task Creation</TD></TR><TR><TD>&nbsp;</TD><TD>Scheduled Task Modification</TD></TR><TR><TD>&nbsp;</TD><TD>Scheduled Task Deletion</TD></TR><TR><TD>Service Activity</TD><TD>Service Creation</TD></TR><TR><TD>&nbsp;</TD><TD>Service Modification</TD></TR><TR><TD>&nbsp;</TD><TD>Service Deletion</TD></TR><TR><TD>Driver/Module Activity</TD><TD>Driver Loaded</TD></TR><TR><TD>&nbsp;</TD><TD>Driver Modification</TD></TR><TR><TD>&nbsp;</TD><TD>Driver Unloaded</TD></TR><TR><TD>Device Operations</TD><TD>Virtual Disk Mount</TD></TR><TR><TD>&nbsp;</TD><TD>USB Device Unmount</TD></TR><TR><TD>&nbsp;</TD><TD>USB Device Mount</TD></TR><TR><TD>Other Relevant Events</TD><TD>Group Policy Modification</TD></TR><TR><TD>Named Pipe Activity</TD><TD>Pipe Creation</TD></TR><TR><TD>&nbsp;</TD><TD>Pipe Connection</TD></TR><TR><TD>EDR SysOps</TD><TD>Agent Start</TD></TR><TR><TD>&nbsp;</TD><TD>Agent Stop</TD></TR><TR><TD>&nbsp;</TD><TD>Agent Install</TD></TR><TR><TD>&nbsp;</TD><TD>Agent Uninstall</TD></TR><TR><TD>&nbsp;</TD><TD>Agent Keep-Alive</TD></TR><TR><TD>&nbsp;</TD><TD>Agent Errors</TD></TR><TR><TD>WMI Activity</TD><TD>WmiEventConsumerToFilter</TD></TR><TR><TD>&nbsp;</TD><TD>WmiEventConsumer</TD></TR><TR><TD>&nbsp;</TD><TD>WmiEventFilter</TD></TR><TR><TD>BIT JOBS Activity</TD><TD>BIT JOBS Activity</TD></TR><TR><TD>PowerShell Activity</TD><TD>Script-Block Activity</TD></TR></TBODY></TABLE><P>&nbsp;</P><P>Note that this list was retrieved from a GitHub project, but I can't mention it due to Check Point community rules.</P><P>&nbsp;</P><P>Kind regards,</P> Fri, 02 Feb 2024 13:50:23 GMT https://community.checkpoint.com/t5/Endpoint/Harmony-Endpoint-Telemetry-Tracking-for-Windows/m-p/204886#M8141 gg_fga 2024-02-02T13:50:23Z https://community.checkpoint.com/t5/Endpoint/Harmony-Endpoint-Telemetry-Tracking-for-Windows/m-p/205622#M8209 <P>I'm fairly certain sharing a link to this would not violate any community rules.<BR />Having said that, if you're concerned about that, please provide the link to me in a PM.</P> <P>In any case, this reads like something that would appear in an RFI/RFP.<BR />For these sorts of questions, best to engage with your local Check Point office.</P> Fri, 09 Feb 2024 21:15:57 GMT https://community.checkpoint.com/t5/Endpoint/Harmony-Endpoint-Telemetry-Tracking-for-Windows/m-p/205622#M8209 PhoneBoy 2024-02-09T21:15:57Z https://community.checkpoint.com/t5/Endpoint/Harmony-Endpoint-Telemetry-Tracking-for-Windows/m-p/206114#M8246 <P>Hi,</P><P>I already posted the same topic with the link, but it was rejected. I'll send it to you by PM.</P><P>The idea is to make Check Point more widely known, and I'm sure that the EDR answers many of the points listed.</P> Wed, 14 Feb 2024 16:28:57 GMT https://community.checkpoint.com/t5/Endpoint/Harmony-Endpoint-Telemetry-Tracking-for-Windows/m-p/206114#M8246 gg_fga 2024-02-14T16:28:57Z