This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Tony_Graham
Advisor
‎2023-05-02 09:05 AM

Endpoint Alerts

So I have a real beef with Endpoint alerts. Presently looking in the Infinity Portal I can set alerts

based on a number of criteria. One such criteria is 'The computer is infected.'

Now for configuration of this alert I can set 'Trigger alert when the condition affects' with a setting

to set the number of infected devices to trigger an alert. Unfortunately the minimum setting is 10.

Now I don't know about you but I want to know immediately if someone is infected.

Worse, I have 10 employees so what you are really saying is, 'Ah it's okay there's only 10 infections...

Hmmm, it's our entire organization.

Now I can set it using percentage 10% which would be 1, but it's a very odd choice to stop at 10 devices.

 

 

 

0 Kudos
1 Reply
Chris_Atkinson
Employee Employee
Employee
‎2023-05-02 05:57 PM

Hi Tony,

Would recommend further exploring the Threat Hunting queries, which you can bookmark and set notifications for.

Example:

  1. Login to Infinity Portal, navigate to Harmony Endpoint and the Threat Hunting section.
  2. In the search/query area, change Process to Detection Event.
  3. Click on the Plus icon and add:
    a. Detection: Attack Status = Exists
    b. Detection: Triggered By IS Endpoint Anti-Ransomware
  4. Click on the “Star” icon to bookmark the query for repeat/future use.
  5. Fill in the details of Name and Importance and place a check mark in the “Send Email Notification” box.
  6. Note the tag name will allow grouping of bookmarks within the menu section. This is optional.
  7. By default alert notifications are sent every hour, on the hour. Shortly after the top of the hour, the admins of the portal should get an email alert based on the query bookmarked.
  8. To check/review the notification settings click the three dot icon next to the query bar and navigate to notifications.

 

CCSM R77/R80/ELITE
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events