Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Swiftyyyy
Advisor
Jump to solution

Harmony Endpoint for Linux Event Log

Hello!

Would you happen to know if Harmony Endpoint for Linux also stores a local database of events similar to the Windows variant.
I am talking about the SQLite database into which the Forensics blade deposits information about Socket operations, Running processes, File operations and more.

As the Linux variant of Harmony Endpoint became supported for On-Premises appliances where Threat Hunting of course isn't available, at least having this database available somewhat adds some value.

 

0 Kudos
1 Solution

Accepted Solutions
Doron_Zuckerman
Employee
Employee

Hello Swiftyyyy,

Harmony EndPoint for Linux does not yet contain full Forensics DB capabilities, but it is absolutely on our roadmap.

Opening an RFE for this capability can assist in prioritizing it further.

Thank you,

Doron Zuckerman
Harmony EndPoint R&D Group Manager

View solution in original post

4 Replies
G_W_Albrecht
Legend Legend
Legend

See sk170198: Harmony Endpoint for Linux and https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/Harmony-Endpoint-Admin-Guide/...

To show detections of Anti-Malware, run:

cpla am detections


 

Note - To limit the number of detections displayed, use the parameter --limit <number_of_detections>. Default is 100.

 

To show the latest detections of Behavioral Guard, run:

cpla bg detections


 

Note - To limit the number of detections displayed, use the parameter --limit <number_of_detections>. Default is 100.

Logs

To collect the logs of the product:

cpla collect-logs

 

Note - When you use this command, it prepares a Zip file which you can send to the support manually.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Swiftyyyy
Advisor

Seen and read that file.
What I'm after is an equivalent of running "cpefrcli -b backup.db" on a Windows instance of Endpoint Security.
This command copies the Forensics database (SQLite format DB) which can then be examined for a very detailed view of everything that happened on the system.

Such information should exist somewhere on the system, even if briefly since a large dataset gets piped to Threat Hunting.
I'm wondering if there's a way to capture this dataset locally just as we are able to with Windows Harmony Endpoint.

0 Kudos
G_W_Albrecht
Legend Legend
Legend

Ask TAC and post the answer here ! I can not test if the details from sk164695 are true for EPS Linux clients...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Doron_Zuckerman
Employee
Employee

Hello Swiftyyyy,

Harmony EndPoint for Linux does not yet contain full Forensics DB capabilities, but it is absolutely on our roadmap.

Opening an RFE for this capability can assist in prioritizing it further.

Thank you,

Doron Zuckerman
Harmony EndPoint R&D Group Manager

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events