This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Swiftyyyy
Advisor
‎2023-05-11 10:27 PM
Jump to solution

Harmony Endpoint for Linux Event Log

Hello!

Would you happen to know if Harmony Endpoint for Linux also stores a local database of events similar to the Windows variant.
I am talking about the SQLite database into which the Forensics blade deposits information about Socket operations, Running processes, File operations and more.

As the Linux variant of Harmony Endpoint became supported for On-Premises appliances where Threat Hunting of course isn't available, at least having this database available somewhat adds some value.

 

0 Kudos
1 Solution

Accepted Solutions
Doron_Zuckerman
Employee
Employee
‎2023-05-14 12:17 AM
Jump to solution

Hello Swiftyyyy,

Harmony EndPoint for Linux does not yet contain full Forensics DB capabilities, but it is absolutely on our roadmap.

Opening an RFE for this capability can assist in prioritizing it further.

Thank you,

Doron Zuckerman
Harmony EndPoint R&D Group Manager

View solution in original post

4 Replies
G_W_Albrecht
Legend Legend
Legend
‎2023-05-12 01:28 AM
Jump to solution

See sk170198: Harmony Endpoint for Linux and https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/Harmony-Endpoint-Admin-Guide/...

To show detections of Anti-Malware, run:

cpla am detections

 

Note - To limit the number of detections displayed, use the parameter --limit <number_of_detections>. Default is 100.

 

To show the latest detections of Behavioral Guard, run:

cpla bg detections

 

Note - To limit the number of detections displayed, use the parameter --limit <number_of_detections>. Default is 100.

Logs

To collect the logs of the product:

cpla collect-logs

 

Note - When you use this command, it prepares a Zip file which you can send to the support manually.
CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Swiftyyyy
Advisor
‎2023-05-12 01:50 AM
In response to G_W_Albrecht
Jump to solution

Seen and read that file.
What I'm after is an equivalent of running "cpefrcli -b backup.db" on a Windows instance of Endpoint Security.
This command copies the Forensics database (SQLite format DB) which can then be examined for a very detailed view of everything that happened on the system.

Such information should exist somewhere on the system, even if briefly since a large dataset gets piped to Threat Hunting.
I'm wondering if there's a way to capture this dataset locally just as we are able to with Windows Harmony Endpoint.

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2023-05-12 02:11 AM
In response to Swiftyyyy
Jump to solution

Ask TAC and post the answer here ! I can not test if the details from sk164695 are true for EPS Linux clients...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Doron_Zuckerman
Employee
Employee
‎2023-05-14 12:17 AM
Jump to solution

Hello Swiftyyyy,

Harmony EndPoint for Linux does not yet contain full Forensics DB capabilities, but it is absolutely on our roadmap.

Opening an RFE for this capability can assist in prioritizing it further.

Thank you,

Doron Zuckerman
Harmony EndPoint R&D Group Manager

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top