Check Point Active-Response Add-on for Splunk
We are happy to announce the Check Point Active Response Add-on is now available on Splunkbase: Check Point Adaptive Response Add-on | Splunkbase
This initiative was created to help SOCs (Security Operations Centers) create and deliver a consolidated threat response across all products. This new AR Add-on will allow our joint customers to extract malicious IOCs from the Splunk environment and push them to Check Point gateways for enforcement:
- Fetch IOC values => user can write search queries to automatically fetch IOCs or manually input IOCs from Splunk ES Incident Review Dashboard
- Create a csv file with IOC values/types/metadata
- Push csv file to Check Point gateway for policy enforcement
The Check Point Gateway side of this is based on the "Custom Intelligence Feeds" feature, currently in Early Availability for R80.10 Gateways.
For more information and to join the EA, refer to: What is "Custom Intelligence Feeds" feature?
Labels: Integrations
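The announcement leaves the middle step of its workflow (turning search results into a CSV the gateway will enforce) to the add-on. As an added example that is not part of the original post and not the add-on's own code, the Python below builds such a feed from constructed Splunk result rows. The column layout, the indicator type names and the internal-address deny list are assumptions for illustration, not the Custom Intelligence Feeds format, whose real schema is in Check Point's documentation.

```python
"""Build a CSV indicator feed from Splunk result rows (illustrative, not the add-on's code)."""
import csv
import io
import ipaddress
import re
from urllib.parse import urlsplit

# Assumed column layout; Check Point's Custom Intelligence Feeds schema is not reproduced here.
FIELDS = ["value", "type", "confidence", "source", "comment"]

# Addresses that must never reach an enforcement point as a block indicator: a
# mis-scoped search ("src_ip of every notable event") would otherwise push the
# SOC's own networks, loopback or multicast into the gateway's deny list.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8",        # loopback, link-local, "this" network
    "224.0.0.0/4", "240.0.0.0/4",                        # multicast, reserved
    "fc00::/7", "fe80::/10", "::1/128",                  # IPv6 ULA, link-local, loopback
)]

DOMAIN_RE = re.compile(
    r"^(?=.{4,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)
HEX_RE = re.compile(r"^[0-9a-f]+$", re.I)
HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}   # assumed type names


def classify(raw):
    """Return (ioc_type, normalised_value), or (None, reason) when the value is rejected."""
    value = str(raw).strip().rstrip(".")
    if not value:
        return None, "empty"
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        addr = None
    if addr is not None:
        if any(addr in net for net in NEVER_BLOCK):
            return None, "internal or reserved address"
        return "ip", str(addr)
    if HEX_RE.match(value) and len(value) in HASH_TYPES:
        return HASH_TYPES[len(value)], value.lower()
    if "://" in value:
        parts = urlsplit(value)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            return None, "unsupported url"
        host_kind, _ = classify(parts.hostname)   # apply the same checks to the URL's host
        if host_kind is None:
            return None, "url with rejected host"
        return "url", value
    if DOMAIN_RE.match(value):
        return "domain", value.lower()
    return None, "unrecognised indicator"


def build_feed(events):
    """Turn Splunk result rows into feed CSV text. Returns (csv_text, rejected_rows)."""
    seen, rows, rejected = set(), [], []
    for ev in events:
        kind, result = classify(ev.get("ioc", ""))
        if kind is None:
            rejected.append((ev.get("ioc", ""), result))   # surface these to the analyst, never enforce them
            continue
        if (kind, result) in seen:        # overlapping searches return the same indicator twice
            continue
        seen.add((kind, result))
        rows.append({"value": result, "type": kind,
                     "confidence": ev.get("confidence", "medium"),
                     "source": ev.get("source", "splunk"),
                     "comment": ev.get("comment", "")})
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue(), rejected


# Constructed sample rows, shaped like the output of a Splunk search or a manual
# Incident Review entry; none of these values are real indicators.
SAMPLE_EVENTS = [
    {"ioc": "203.0.113.45", "source": "ES notable: C2 beacon", "confidence": "high"},
    {"ioc": "10.0.0.7", "source": "ES notable: lateral movement"},   # internal host, must be rejected
    {"ioc": "Malicious.Example.", "source": "manual input"},          # trailing dot, mixed case
    {"ioc": "http://malicious.example/payload.bin", "source": "sandbox detonation"},
    {"ioc": "0123456789abcdef0123456789abcdef", "source": "EDR alert"},   # constructed MD5-length hash
    {"ioc": "203.0.113.45", "source": "duplicate search"},            # deduplicated
    {"ioc": "not an indicator", "source": "typo"},                    # rejected
]

if __name__ == "__main__":
    feed, rejected = build_feed(SAMPLE_EVENTS)
    print(feed)
    for value, reason in rejected:
        print(f"rejected {value!r}: {reason}")
```

The rejects are returned rather than silently dropped because the gateway enforces whatever the feed contains; the review step belongs before the push, with the rejected rows shown to the analyst who wrote the search.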
ICYMI, we have documented this in Check Point Adaptive Response Add-on for Splunk v1.0 User Guide.
Hi, any updates on the documentation and configuration steps?
What feedback from users/customers?