This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Charris_Lappas
Collaborator
‎2018-09-10 10:37 AM

Forensics report with 3rd party AV

Can you please direct to a step by step guide on how to configure the Forensics report with 3rd party AV?

I have reviewed the How to configure Forensics blade to analyze an incident that was detected by external system 

but is a bit confusing. 

Thanks,

Charris Lappas

3 Replies
PhoneBoy
Admin
Admin
‎2018-09-10 03:10 PM

The SK you linked is the tool that would be run to kick off a forensics report, with a few different methods for kicking it off.

As each third party AV is different, the exact instructions will depend on the third party AV in question.

The SK mentions Symantec specifically, there is another SK for Trend: Setting up Sandblast Agent (SBA) Forensics Analysis trigger from Trend Micro Control Manager 

0 Kudos
Charris_Lappas
Collaborator
‎2018-09-11 02:46 AM
In response to PhoneBoy

Looking it further there is another SK SandBlast Agent Integration with Third Party Anti-Virus Vendors  so what is the difference between the two. I have followed this SK but the forensics reports are not generated. 

0 Kudos
PhoneBoy
Admin
Admin
‎2018-09-11 06:30 AM
In response to Charris_Lappas

The difference is: one is reading from the Windows Event Log, another is relying on being explicitly triggered by the external tool.

As was suggested in the SK, you may need to open a TAC case with the requested information for Troubleshooting.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top