This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Danny
Champion
Champion
‎2018-09-06 01:51 AM

Cyber Attack Views in SmartEvent

Check Point finally released the R80.10 GA version of his

Cyber Attack View Addon for SmartEvent (sk134634).

[ Download ]

The Beta-Version was also shared with and tested by the CheckMates community in this blog entry from April 2018.

The additional view, now made available, helps you to better understand how to investigate threat prevention attacks in your organization. Usualy, One of the major tasks of a threat hunter is to find the needle in the haystack inside a big amount of event Check Point technologies create for him. In most cases, the admin is the one who responsible also to query the events we create for him and understand the threat landscape of his organization. The Cyber Attach View is focusing on an automatic threat analysis using SmartView/SmartEvent.

How to import the cyber-attack view into SmartEvent?

R80.10 GA does not include the cyber-attack view, thus it's required to import it into SmartEvent. Follow these steps to import and generate the latest views:

  1. Download the cyber-attack view from this link.
  2. Extract the cpr file into a directory.
  3. Open SmartView Monitor or SmartConsole (Logs & Monitors) > In the left tree, click on Views.
  4. On the toolbar, click on Actions > Click on Import Template > Select the new template file (Cyber_Attack_View.cpr) and import the template (*.cpr).
  5. The new template should appear in the list.
  6. Double-click the template to generate the view.
1 Reply
_Val_
Admin
Admin
‎2018-09-06 01:54 AM

Very useful, thanks, Danny Jung

0 Kudos