This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Tony_Graham
Advisor
‎2023-06-12 01:59 PM

Endpoint Digest Email

I receive weekly 'digest' emails in the form of a Weekly Security Report from Harmony Endpoint Cloud.

In this weeks report I have an entry that states:

Prevented Zero-Day Phishing Attacks: 1

However, that statistic does not match Infinity Portal reporting which states there are no attacks.

I have run Threat Hunting using the date range and it returns no mention of this event either.

It does however show up in the logs which I assume is where the automated report picked up on it.

Ultimately it's a non-issue but I thought it was odd that the event is mentioned/visible nowhere except the

report and the log.

0 Kudos
6 Replies
PhoneBoy
Admin
Admin
‎2023-06-15 12:29 PM

Curious what the event was that was flagged?
Feel free to post a screenshot with the sensitive details redacted.

0 Kudos
Tony_Graham
Advisor
‎2023-06-15 01:17 PM
In response to PhoneBoy

Sure. It was a ZeroPhishing notification lodged against an internal website.

Preview file
78 KB
0 Kudos
Tony_Graham
Advisor
‎2023-06-15 01:26 PM
In response to Tony_Graham

Actually today I am getting Loading Threat Hunting with a circle spinning for a

long while, then the Threat Hunting panel draws and I see 'No data available for hunting'.

It must be down today. **Update - Looks like there is an issue.

Possible slow down or failure getting data
Identified - The issue is identified and a fix is begin implemented
Jun 15, 2023 - 14:17 UTC
Investigating - Issue is currently under investigation
Jun 15, 2023 - 13:18 UTC

 

0 Kudos
PhoneBoy
Admin
Admin
‎2023-06-15 01:55 PM
In response to Tony_Graham

It's interesting the log entry is "Detect" rather than "Prevent" which is maybe why Threat Hunting didn't pick it up...

0 Kudos
Tony_Graham
Advisor
‎2023-06-16 08:13 AM
In response to PhoneBoy

Perhaps more interesting is all settings are on prevent.

Preview file
48 KB
0 Kudos
PhoneBoy
Admin
Admin
‎2023-06-16 01:17 PM
In response to Tony_Graham

Feels like how Anti-Bot used to flag the DNS Trap as "detect" under similar circumstances.
Not 100% sure this is expected, though.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events