This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Swiftyyyy
Collaborator
‎2022-06-24 03:15 AM

Endpoint & Elastic DB

Hello everyone!

We've been aware of the possibility to push raw forensic data to an ELK stack for a little while now (through a sales representative meeting), but I've been unable to find any documentation on the topic.

Has anyone actually implemented this and do you find it at all useful?
We manage a number of environments and a good number of them use On-Prem Endpoint servers meaning we lack access to Threat Hunting. Being able to pipe these datasets into a database would potentially be a very good stopgap measure between something more official on the EDR front for On-Prem managed devices.

I ask because in the E86.50 agent release notes this functionality is explicitly mentioned.

Enterprise Endpoint Security E86.50 Windows Clients (checkpoint.com)

AHTP-24628Forensics data can now be sent from the Endpoint's client computer directly to a local Elastic DB.
0 Replies