This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
gg_fga
Contributor
‎2024-02-02 05:50 AM

Harmony Endpoint Telemetry Tracking for Windows

Hello,

Is it possible to have the list of items monitored by Harmony Endpoint?

I have a list of items below, for each item, I would like to know if it is:

Implemented
Not Implemented
Partially Implemented
Via Windows EventLogs (EDR is inspecting windows event logs to collect the telemetry)
Via EnablingTelemetry (Additional telemetry that can be enabled easily as part of the Harmony Endpoint solution but is not ON by default.)

 

Item list:

Telemetry Feature CategorySub-Category
Process ActivityProcess Creation
 Process Termination
 Process Access
 Image/Library Loaded
 Remote Thread Creation
 Process Tampering Activity
File ManipulationFile Creation
 File Opened
 File Deletion
 File Modification
 File Renaming
User Account ActivityLocal Account Creation
 Local Account Modification
 Local Account Deletion
 Account Login
 Account Logoff
Network ActivityTCP Connection
 UDP Connection
 URL
 DNS Query
 File Downloaded
Hash AlgorithmsMD5
 SHA
 IMPHASH
Registry ActivityKey/Value Creation
 Key/Value Modification
 Key/Value Deletion
Schedule Task ActivityScheduled Task Creation
 Scheduled Task Modification
 Scheduled Task Deletion
Service ActivityService Creation
 Service Modification
 Service Deletion
Driver/Module ActivityDriver Loaded
 Driver Modification
 Driver Unloaded
Device OperationsVirtual Disk Mount
 USB Device Unmount
 USB Device Mount
Other Relevant EventsGroup Policy Modification
Named Pipe ActivityPipe Creation
 Pipe Connection
EDR SysOpsAgent Start
 Agent Stop
 Agent Install
 Agent Uninstall
 Agent Keep-Alive
 Agent Errors
WMI ActivityWmiEventConsumerToFilter
 WmiEventConsumer
 WmiEventFilter
BIT JOBS ActivityBIT JOBS Activity
PowerShell ActivityScript-Block Activity

 

Note that this list was retrieved from a GitHub project, but I can't mention it due to Check Point community rules.

 

Kind regards,

0 Kudos
2 Replies
PhoneBoy
Admin
Admin
‎2024-02-09 01:15 PM

I'm fairly certain sharing a link to this would not violate any community rules.
Having said that, if you're concerned about that, please provide the link to me in a PM.

In any case, this reads like something that would appear in an RFI/RFP.
For these sorts of questions, best to engage with your local Check Point office.

0 Kudos
gg_fga
Contributor
‎2024-02-14 08:28 AM
In response to PhoneBoy

Hi,

I already posted the same topic with the link, but it was rejected. I'll send it to you by PM.

The idea is to make Check Point more widely known, and I'm sure that the EDR answers many of the points listed.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events