This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Danny
Champion Champion
Champion
‎2018-09-06 01:51 AM

Cyber Attack Views in SmartEvent

Check Point finally released the R80.10 GA version of his

Cyber Attack View Addon for SmartEvent (sk134634).

[ Download ]

The Beta-Version was also shared with and tested by the CheckMates community in this blog entry from April 2018.

The additional view, now made available, helps you to better understand how to investigate threat prevention attacks in your organization. Usualy, One of the major tasks of a threat hunter is to find the needle in the haystack inside a big amount of event Check Point technologies create for him. In most cases, the admin is the one who responsible also to query the events we create for him and understand the threat landscape of his organization. The Cyber Attach View is focusing on an automatic threat analysis using SmartView/SmartEvent.

How to import the cyber-attack view into SmartEvent?

R80.10 GA does not include the cyber-attack view, thus it's required to import it into SmartEvent. Follow these steps to import and generate the latest views:

  1. Download the cyber-attack view from this link.
  2. Extract the cpr file into a directory.
  3. Open SmartView Monitor or SmartConsole (Logs & Monitors) > In the left tree, click on Views.
  4. On the toolbar, click on Actions > Click on Import Template > Select the new template file (Cyber_Attack_View.cpr) and import the template (*.cpr).
  5. The new template should appear in the list.
  6. Double-click the template to generate the view.
8 Replies
_Val_
Admin
Admin
‎2018-09-06 01:54 AM

Very useful, thanks, Danny Jung

0 Kudos
jose_monge
Explorer
‎2022-07-26 03:59 PM

good, report.

0 Kudos
Matlu
Advisor
2 weeks ago

Hi, @Danny 
I would like to be able to use this report template.
How can I get the template to run it in my environment?
I have 2 MDS boxes, with multiple CMA.
Is it possible to get this report template, please?
Thank you.

0 Kudos
Amir_Senn
Employee
Employee
2 weeks ago
In response to Matlu

Integrated into new version + updated link:

https://support.checkpoint.com/results/sk/sk134634

Kind regards, Amir Senn
0 Kudos
Matlu
Advisor
2 weeks ago
In response to Amir_Senn

Hello, @Amir_Senn 
In an MDS environment, this is 'loaded' in the 'Logs&Monitor' section of the main (MDS) box and replicated in all the CMA's I have?
Or does it have to be loaded, one by one, in each CMA?
I have a lot of CMAs and I am wondering how to load it.
Thanks

0 Kudos
Amir_Senn
Employee
Employee
2 weeks ago
In response to Matlu

You can upload to MDS and use share and it would should be uploaded to CMAs as well.

But you should have it already:

Capture.PNG

Kind regards, Amir Senn
0 Kudos
Matlu
Advisor
2 weeks ago
In response to Amir_Senn

An inquiry
These custom reports help me with the 'Threat Prevention' part, right?
Basically my need is to 'see' what is related to attacks, where blades such as IPS, AV, AB intervene, since my client has been exposed to attacks and information leakage to the Internet.
Do these custom reports help me?

0 Kudos
Amir_Senn
Employee
Employee
2 weeks ago
In response to Matlu

Will help you with anything detected/prevented by the Threat Prevention blades.

If you have security issues related to Access Control it will not help with that.

For best practices that will help you avoid such vulnerabilities you might want to check Compliance blade as well.

Kind regards, Amir Senn
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events