Hello everyone!
We've been aware of the possibility to push raw forensic data to an ELK stack for a little while now (through a sales representative meeting), but I've been unable to find any documentation on the topic.
Has anyone actually implemented this and do you find it at all useful?
We manage a number of environments, and a good number of them use On-Prem Endpoint servers, meaning we lack access to Threat Hunting. Being able to pipe these datasets into a database would potentially be a very good stopgap measure between something more official on the EDR front for On-Prem managed devices.
I ask because in the E86.50 agent release notes this functionality is explicitly mentioned.
Enterprise Endpoint Security E86.50 Windows Clients (checkpoint.com)
AHTP-24628 | Forensics data can now be sent from the Endpoint's client computer directly to a local Elastic DB.