This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
TSOL
Advisor
‎2021-07-12 01:25 AM
Jump to solution

Severity and Confidence Levels for Security Incident on Harmony Endpoint

How is the severity and confidence assigned to all blades for Harmony Endpoint(Anti Malware/Anti Bot /URL Filtering/ Anti Ransomware/ Behavioral Guard / Threat Emulation / Anti Exploit/Firewall / Application Control/Compliance ).?

 

I found sk116254 but just regarding information of Quantum IPS /AV/AB. 

And I found almost the same question in the Checkmates thread. However, the result ends with the technical team contacting the questioner.

 

1 Solution

Accepted Solutions
MikeB
Advisor
‎2021-07-13 01:43 PM
In response to PhoneBoy
Jump to solution

It would be best to have an SK reference all blades/protections present in Harmony Endpoint. Many customers ask me about this and are not very convinced when I point to an SK that is focused on another product or protection not present in HE.

View solution in original post

8 Replies
PhoneBoy
Admin
Admin
‎2021-07-12 11:57 AM
Jump to solution

I assume you’re referring to this thread: https://community.checkpoint.com/t5/Endpoint/Severity-and-Confidence-Levels-for-Security-Incidents/m...

Like I said in that thread, the guidelines for IPS also generally apply for Harmony Endpoint.
@Guy_Avnet can we produce something similar to sk116254 but geared at Harmony Endpoint?

TSOL
Advisor
‎2021-07-12 11:46 PM
In response to PhoneBoy
Jump to solution

Thank you for your reply.
I wanted to check the URL and see the severity details.
Here's what I want to know:
For example, if severity is critical, under what conditions does it occur?

0 Kudos
PhoneBoy
Admin
Admin
‎2021-07-13 01:04 PM
In response to TSOL
Jump to solution

Again, the guidance in sk116254 applies here.
That means the URL has something on it that generally involves remote code execution, is widely exploited, has no patch, is in wide use in Enterprises, etc.

TSOL
Advisor
‎2021-07-26 12:30 AM
In response to PhoneBoy
Jump to solution

Thanks for your reply.
And I'm sorry for the late reply.

The SK is written "Severity is currently only set to distinguish between adware (assigned low severity) and malware (assigned medium or high severity). "
The harmony EN log also lists the severity of zero phishing blades and smart event clients.
I don't think there will be adware in the "Smart Event Client", but it will show a medium severity.
In addition, the content of events that occur with a critical severity in the "Endpoint Compliance Blade" includes signature update failures and so on.I don't think everything is malware or adware.

Is there a document explaining the severity of the harmony EN log?

PhoneBoy
Admin
Admin
‎2021-07-26 12:35 AM
In response to TSOL
Jump to solution

Specifically, no.
In general, the logs should comply with that SK, which now specifically mentions Harmony Endpoint.
There is probably a few cases where it doesn't exactly match what it says there.
For that, I recommend a TAC case.

TSOL
Advisor
‎2021-07-26 12:59 AM
In response to PhoneBoy
Jump to solution

I opened a new tack case.

Thanks for your advice.

0 Kudos
MikeB
Advisor
‎2021-07-13 01:43 PM
In response to PhoneBoy
Jump to solution

It would be best to have an SK reference all blades/protections present in Harmony Endpoint. Many customers ask me about this and are not very convinced when I point to an SK that is focused on another product or protection not present in HE.

PhoneBoy
Admin
Admin
‎2021-10-20 10:10 PM
In response to MikeB
Jump to solution

Actually, Harmony Endpoint is mentioned as one of the products in the SK now (wasn't before).
If you have specific feedback about what you feel is missing there, I recommend leaving it in the SK. 

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events