George_Casper
Collaborator

Forwarding Events to third-party SIEM solutions

Received an email survey from Checkpoint with a link to mailing.checkpoint.com which redirects to some odd-sounding hosting service on [an].[gr-wcon].[com]. While Checkpoint URL categorization allowed it, Microsoft SmartScreen blocked it.

Assuming this is a legit survey and Checkpoint just used a lower-reputation survey/hosting service, putting my response here.

Add direct integrations for a broader list of 3rd-party SIEMs

  • ELK Stack
  • Azure Sentinel
  • Google Security Operations SIEM
0 Kudos
9 Replies
Lesley
Leader

I have read this post a couple of times but I don't get it, to be honest.

-------
If you like this post please give a thumbs up(kudo)! 🙂
0 Kudos
George_Casper
Collaborator

 

Can Valeri Loukine (Val) from Checkpoint Checkmates that sent this email provide some context?

 

 

Hi CheckMates,

 

We are currently enhancing our Events and Logs solutions and would like to invite you to collaborate with us in defining the short-term roadmap. Your expertise and insights will be invaluable in shaping the future direction and ensuring we meet our goals effectively.

 

Your input will help us tailor our solutions to better meet the unique security needs of your organizations.


We greatly appreciate your participation and look forward to your valuable feedback.

Best regards,

Val,

Head of CheckMates

 

 

0 Kudos
Lesley
Leader

Ah you want to discuss the e-mail on the community. I filled it in: Your response was submitted.

Nothing more I can add so I will leave this thread 🙂 

 

0 Kudos
George_Casper
Collaborator

Exactly.  

Could you also escalate review of the hosting/survey website the link leads to? Doesn't seem to have the best reputation and is blocked by other security solutions. Perhaps Checkpoint needs to re-evaluate which hosting/survey platform is used for next communications with customers & community.

Thank you

0 Kudos
Lesley
Leader

Nope, Check Point does not send me a paycheck 😉

_Val_
Admin

Lol

0 Kudos
_Val_
Admin

@George_Casper Already addressed in another comment.

Also, @Lesley is not working for us, at least not yet, lol. 

Now, can we please put this to rest?

0 Kudos
_Val_
Admin

Hi @George_Casper and all,

We are using a third-party platform to send our community emails. As part of the service, the platform tracks links through redirect domains. One of them, an.gr-wcon.com, is about a week old, and some of the less elaborate security solutions flag it for unknown reputation.

You are right to be prudent and cautious, but in this particular case, you have a false positive flag.

Yes, we raised the issue with the service provider, but as with many false positive security issues, the root cause is mostly out of their control. 


I hope this addresses your concerns.

You can go and fill out the survey at your pleasure, with this direct link, no redirections.

Just for transparency's sake, we are using Microsoft Forms to collect the responses.

For any further inquiry, please reach out to me directly via email: vloukine@checkpoint.com

Thanks,
Val

0 Kudos
PhoneBoy
Admin

Harmony Endpoint is also flagging this domain:

image.png

This is a legitimate email, as is the one I sent earlier regarding livestreaming the next CheckMates Go podcast episode that also appears to be triggering this issue. 

0 Kudos
