This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Swiftyyyy
Advisor
‎2022-06-24 03:15 AM

Endpoint & Elastic DB

Hello everyone!

We've been aware of the possibility to push raw forensic data to an ELK stack for a little while now (through a sales representative meeting), but I've been unable to find any documentation on the topic.

Has anyone actually implemented this and do you find it at all useful?
We manage a number of environments and a good number of them use On-Prem Endpoint servers meaning we lack access to Threat Hunting. Being able to pipe these datasets into a database would potentially be a very good stopgap measure between something more official on the EDR front for On-Prem managed devices.

I ask because in the E86.50 agent release notes this functionality is explicitly mentioned.

Enterprise Endpoint Security E86.50 Windows Clients (checkpoint.com)

AHTP-24628Forensics data can now be sent from the Endpoint's client computer directly to a local Elastic DB.
0 Replies

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events