ritenm
Participant

Is process monitoring possible in Checkpoint Endpoint?

I need to know if process monitoring is possible in Checkpoint Endpoint.
I need to know whether mstsc.exe needs to be watched, or whether powershell.exe or wmic.exe is executed, so that I can build queries for DLL side-loading.

PhoneBoy
Admin

Application Control on Endpoint can restrict what binaries can run.
SandBlast Agent and some of the other endpoint controls can track and block malicious activities by any process.
Forensics will even tell you what process did what.

So what is it you exactly are looking to do?
Yoni_Nave
Employee

Checkpoint now offers a beta version of threat hunt as part of Infinity portal.

Using threat hunt you can easily create complex queries based on raw enriched data collected from the endpoints.

Data collected includes process, connections, files, registry events and more.

 

It is possible to join the beta program by logging in to the Infinity portal (https://portal.checkpoint.com/signin) and applying a request to be added to the threat hunt beta program.
