- Products
- Learn
- Local User Groups
- Partners
- More
Check Point Jump-Start Online Training
Now Available on CheckMates for Beginners!
Why do Hackers Love IoT Devices so Much?
Join our TechTalk on Aug 17, at 5PM CET | 11AM EST
Welcome to Maestro Masters!
Talk to Masters, Engage with Masters, Be a Maestro Master!
ZTNA Buyer’s Guide
Zero Trust essentials for your most valuable assets
The SMB Cyber Master
Boost your knowledge on Quantum Spark SMB gateways!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
CheckFlix!
All Videos In One Space
In splunk, some endpoint logs shows the action as deferred where index is checkpoint, what dos it mean? i am new to this security profile.
A concrete example of such a log would be helpful.
Deferred is an action for various tags as part of the Endpoint Datamodel:
Endpoint - Splunk Documentation
These are defined in Enterprise Security > Settings >Data Models > Endpoint
Usually with an eval.
I meant a concrete example of an actual log you received that's tagged this way.
That said, if this tag is coming from Splunk, it might make more sense to ask on the Splunk Answers community.
Sorry! I meant to reply to original post.
But yes, you're right..
This is something for the Splunk Answers Community.
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY