Garrett_DirSec
Advisor

unified ThreatCloud and Sandblast analysis of suspicious URL

Hello -- I cringed today because I had to send a customer query about a questionable URL to a competitor for URL/site analysis.

CheckPoint certainly has the technology and tools, but I'm not aware of a unified place to "inspect a questionable URL".

Something that does the equivalent of the following from Zscaler (there are others):

https://zulu.zscaler.com/

This is effectively a web-based service of what sandblast agent (for browsers) is doing behind the scenes.

Note: anti-phishing end-user training across the globe should include steps to "use Checkpoint to inspect the page" before clicking on a questionable page. We can't expect everyone on the planet to own sandblast agent. Such a unified one-stop-shop site analysis will only benefit CheckPoint and market perception across a wider audience.

Reference: related topic about site reputation, domain reg status, etc.

https://community.checkpoint.com/t5/General-Topics/How-to-check-ThreatCloud-URL-Reputation/m-p/53936

Sandblast file upload (this is only a portion of the solution).

https://threatpoint.checkpoint.com/ThreatPortal/emulation

0 Kudos
3 Replies
PhoneBoy
Admin

We are working on an API for this, as you can see by some code dropped in our GitHub account: https://github.com/CheckPointSW/reputation-service-api
The API is currently beta.
I suspect this will ultimately translate to something with a web front end we will expose to customers or integrate into an existing website.
0 Kudos
Garrett_DirSec
Advisor

Hello D -- thanks for msg. Note the API you mention below is specific to reputation service.

The solution I'm asking about is a unified platform that would incorporate reputation service (domain, IP, ICANN info), with file emulation, extended link analysis (i.e., what happens? downloaded, malicious script, etc.), threat intelligence, etc.

Such a unified platform would be GREAT to provide API access. In addition to the obvious "self-help" site (like Zscaler's Zulu site) CP could provide different versions of the site based on "free" and "better" (the latter to include API access, amongst other things).

-GA

0 Kudos
PhoneBoy
Admin

I consider having the Reputation Service available through an API a necessary first step in the process of putting together a site like you're asking for.
Threat Emulation has had an API since it launched, which also generates the necessary reports.
With both these things in place, building a web frontend that unifies it all is a much simpler task.
0 Kudos
