MikeB
Advisor

Severity and Confidence Levels for Security Incidents

How are severity and confidence levels assigned to protections across all SandBlast Agent blades? (AV / TE / Anti-Exploit / Behavioral Guard / Anti Ransomware / Port Protection / Firewall / App Control / Compliance).

I found some information in sk116254, but just regarding Network IPS/AV/AB.

 

0 Kudos
8 Replies
PhoneBoy
Admin

We use similar criteria for all blades.
Firewall doesn’t use confidence/severity at all, neither does Port Protection.
App Control includes undesirable properties as part of the rating (e.g. file sharing, anonymizers, cloud-based password managers) which aren’t necessarily malicious. 

MikeB
Advisor

Thanks PhoneBoy.

Is there any SK for SBA with this official info available? One of our SBA customers wants to know details about the criteria used for incident classification that appears in Forensic reports.

This is very important for them as they can plan their response to incidents.

PhoneBoy
Admin

Maybe @Lior_Arzi or someone on his team can clarify this.
Meanwhile if you have concerns about how a specific incident is rated, I recommend a TAC case.

RS_Daniel
Collaborator

Hello,

Does someone from Check Point have more information about how severity and confidence levels are assigned in SBA blades? It is a requirement from some customers to have this information.

 

0 Kudos
PhoneBoy
Admin

Like I previously said, it's similar to what's in sk116254.
@Lior_Arzi do we have anything more specific to SBA?

0 Kudos
Guy_Avnet
Employee

For SBA blades, we don't have dedicated documentation besides the information in SK116254. That SK, as mentioned above, provides the general guidelines and SBA complies with these guidelines.

Please contact me directly if you need some specific information in that matter.

 

10x

MikeB
Advisor

Hi @Guy_Avnet, I just sent you a private message. Hope you can help us.

0 Kudos
PhoneBoy
Admin

I had sk116254 updated so it now lists Harmony Endpoint as one of the products it applies to.
Hopefully that will help those who are looking for “official” documentation.