topic Re: Forwarding Events to third-party SIEM solutions in Events

Forwarding Events to third-party SIEM solutions

George_Casper — Wed, 14 Aug 2024 16:08:25 GMT

Received an Email survey from Checkpoint with a link to mailing.checkpoint.com which redirects to some odd sounding hosting service on [an].[gr-wcon].[com] While Checkpoint URL categorization allowed it, Microsoft Smartscreen blocked it.

Assuming this is a legit survey Checkpoint just used a lower reputation survey/hosting service, putting my response here.

Add direct integrations for broader list of 3rd party SIEM's

ELK Stack
Azure Sentinel
Google Security Operations SIEM

Re: Forwarding Events to third-party SIEM solutions

Lesley — Wed, 14 Aug 2024 18:26:57 GMT

I have read this post couple times but I don't get it to be honest.

Re: Forwarding Events to third-party SIEM solutions

George_Casper — Wed, 14 Aug 2024 18:32:52 GMT

Can

Valeri Loukine (Val) from Checkpoint Checkmates that sent this email provide some context?

Hi CheckMates,

We are currently enhancing our Events and Logs solutions and would like to invite you to collaborate with us in defining the short-term roadmap. Your expertise and insights will be invaluable in shaping the future direction and ensuring we meet our goals effectively

Your input will help us tailor our solutions to better meet the unique security needs of your organizations.

We greatly appreciate your participation and look forward to your valuable feedback.

Best regards,

Val,

Head of CheckMates

Re: Forwarding Events to third-party SIEM solutions

Lesley — Wed, 14 Aug 2024 19:00:46 GMT

Ah you want to discuss the e-mail on the community. I filled it in: Your response was submitted.

Nothing more I can add so I will leave this thread 🙂

Re: Forwarding Events to third-party SIEM solutions

George_Casper — Wed, 14 Aug 2024 19:06:09 GMT

Exactly.

Could you also escalate review of the hosting/survey website the link leads to? Doesn't seem to have the best reputation and blocked by other security solutions. Perhaps Checkpoint needs to re-evaluate which hosting/survey platform is used for next communications with customers & community

Thank you

Re: Forwarding Events to third-party SIEM solutions

Lesley — Wed, 14 Aug 2024 19:20:11 GMT

Nop Check Point does not send me a pay check 😉

Re: Forwarding Events to third-party SIEM solutions

_Val_ — Thu, 15 Aug 2024 07:29:48 GMT

Hi @George_Casper and all,

We are using a third-party platform to send our community emails. As part of the service, the platform tracks links through redirect domains. One of them, an.gr-wcon.com, is about a week old, and some of the less elaborate security solutions flag it for unknown reputation.

You are right to be prudent and cautious, but in this particular case, you have a false positive flag.

Yes, we raised the issue with the service provider, but as with many false positive security issues, the root cause is mostly out of their control.

I hope this addresses your concerns.

You can go and fill out the survey at your pleasure, with this direct link, no redirections.

Just for transparency's sake, we are using Microsoft Forms to collect the responses.

For any further inquiry, please reach out to me directly via email: vloukine@checkpoint.com

Thanks,
Val

Re: Forwarding Events to third-party SIEM solutions

_Val_ — Thu, 15 Aug 2024 08:00:27 GMT

@George_Casper Already address in another comment.

Also, @Lesley is not working for us, at least not yet, lol.

Now, can we please put this to rest?

Re: Forwarding Events to third-party SIEM solutions

_Val_ — Thu, 15 Aug 2024 08:01:39 GMT

Lol

Re: Forwarding Events to third-party SIEM solutions

PhoneBoy — Thu, 15 Aug 2024 17:34:30 GMT

Harmony Endpoint is also flagging this domain:

This is a legitimate email, as is the one I sent earlier regarding livestreaming the next CheckMates Go podcast episode that also appears to be triggering this issue.