TSOL
Collaborator

Severity and Confidence Levels for Security Incident on Harmony Endpoint

How are the severity and confidence assigned for all blades in Harmony Endpoint (Anti-Malware / Anti-Bot / URL Filtering / Anti-Ransomware / Behavioral Guard / Threat Emulation / Anti-Exploit / Firewall / Application Control / Compliance)?


I found sk116254, but it only has information about Quantum IPS/AV/AB.

I also found almost the same question in a CheckMates thread. However, that thread ends with the technical team contacting the questioner.



8 Replies
PhoneBoy
Admin

I assume you’re referring to this thread: https://community.checkpoint.com/t5/Endpoint/Severity-and-Confidence-Levels-for-Security-Incidents/m...

Like I said in that thread, the guidelines for IPS also generally apply for Harmony Endpoint.
@Guy_Avnet can we produce something similar to sk116254 but geared at Harmony Endpoint?

TSOL
Collaborator

Thank you for your reply.
I wanted to check the URL and see the severity details.
Here's what I want to know:
For example, if severity is critical, under what conditions does it occur?

0 Kudos
PhoneBoy
Admin

Again, the guidance in sk116254 applies here.
That means the URL has something on it that generally involves remote code execution, is widely exploited, has no patch, is in wide use in Enterprises, etc.

TSOL
Collaborator

Thanks for your reply.
And I'm sorry for the late reply.

The SK says: "Severity is currently only set to distinguish between adware (assigned low severity) and malware (assigned medium or high severity)."
The Harmony EN log also lists the severity of the Zero Phishing blade and the SmartEvent client.
I don't think there will be adware in the "Smart Event Client", but it shows a medium severity.
In addition, the events that occur with critical severity in the "Endpoint Compliance Blade" include signature update failures and so on. I don't think everything is malware or adware.

Is there a document explaining the severity levels in the Harmony EN log?

PhoneBoy
Admin

Specifically, no.
In general, the logs should comply with that SK, which now specifically mentions Harmony Endpoint.
There are probably a few cases where it doesn't exactly match what it says there.
For that, I recommend a TAC case.

TSOL
Collaborator

I opened a new TAC case.

Thanks for your advice.

0 Kudos
MikeB
Advisor

It would be best to have an SK reference all blades/protections present in Harmony Endpoint. Many customers ask me about this and are not very convinced when I point to an SK that is focused on another product or protection not present in HE.

PhoneBoy
Admin

Actually, Harmony Endpoint is mentioned as one of the products in the SK now (wasn't before).
If you have specific feedback about what you feel is missing there, I recommend leaving it in the SK. 
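The thread's practical takeaway for a SOC is that severity is not directly comparable across blades: sk116254 maps adware to low and malware to medium/high, while a Compliance event such as a failed signature update can arrive as critical without being a threat at all. The script below is an added example, not Check Point's code or anything from sk116254; it triages constructed Harmony Endpoint-style records by combining blade, severity and confidence so that health events are routed separately and a critical-but-low-confidence verdict does not jump the queue. The key=value line format, the field names (blade, severity, confidence_level, detail), the HEALTH_BLADES grouping and the queue thresholds are all assumptions made for illustration, and every log line is constructed.

```python
"""Triage constructed Harmony Endpoint-style log records by blade, severity
and confidence.

Added example, not Check Point code. The field names (blade, severity,
confidence_level, detail), the key=value line format, the HEALTH_BLADES
grouping and the queue thresholds are assumptions made for illustration;
the log lines below are constructed, not captured from a real system.
"""
import shlex
from dataclasses import dataclass
from typing import List, Tuple

# Ordinal ranks so severity and confidence can be combined numerically.
SEVERITY_RANK = {"informational": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}
CONFIDENCE_RANK = {"low": 1, "medium": 2, "high": 3}

# Blades whose events describe the endpoint's own state (e.g. a failed
# signature update) rather than a detected threat. Assumed grouping, based on
# the thread's observation that Compliance reports such events as critical.
HEALTH_BLADES = {"Compliance"}


@dataclass(frozen=True)
class Event:
    blade: str
    severity: str
    confidence_level: str
    detail: str


def parse_event(line: str) -> Event:
    """Parse one constructed key=value record; values may be double-quoted."""
    fields = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:  # ignore tokens that are not key=value pairs
            fields[key] = value
    return Event(
        blade=fields.get("blade", "unknown"),
        severity=fields.get("severity", "informational").lower(),
        confidence_level=fields.get("confidence_level", "low").lower(),
        detail=fields.get("detail", ""),
    )


def triage(ev: Event) -> Tuple[str, int]:
    """Return (queue, score).

    Health events go to their own queue regardless of severity, so a critical
    "signature update failed" never outranks a malware detection. Threat
    events are scored as severity rank x confidence rank, so a critical but
    low-confidence verdict lands in review rather than investigate-now.
    """
    if ev.blade in HEALTH_BLADES:
        return ("endpoint-health", 0)
    score = SEVERITY_RANK.get(ev.severity, 0) * CONFIDENCE_RANK.get(ev.confidence_level, 0)
    if score >= 9:
        return ("investigate-now", score)
    if score >= 4:
        return ("review", score)
    return ("log-only", score)


def prioritize(lines: List[str]) -> List[Tuple[str, int, str, str]]:
    """Parse, triage and sort records: highest score first, stable otherwise."""
    rows = []
    for line in lines:
        ev = parse_event(line)
        queue, score = triage(ev)
        rows.append((queue, score, ev.blade, ev.detail))
    return sorted(rows, key=lambda row: row[1], reverse=True)


# Constructed sample records, one per case discussed in the thread.
SAMPLE_LOG = [
    'blade="Anti-Malware" severity=high confidence_level=high detail="malware detected"',
    'blade="Anti-Malware" severity=low confidence_level=high detail="adware detected"',
    'blade="Compliance" severity=critical confidence_level=high detail="signature update failed"',
    'blade="Zero Phishing" severity=medium confidence_level=medium detail="credentials entered on suspicious site"',
    'blade="Threat Emulation" severity=critical confidence_level=low detail="inconclusive emulation verdict"',
]

if __name__ == "__main__":
    for queue, score, blade, detail in prioritize(SAMPLE_LOG):
        print(f"{queue:16} score={score} blade={blade!r} {detail}")
```

Run stand-alone it prints the five constructed records in queue order; the design point is that the blade name is consulted before severity, because the thread shows that the severity field alone carries different meanings in different blades.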
