This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Pedro_Madeira
Collaborator
‎2018-09-03 07:54 AM

File Trajectory and history

Hello everyone,

Does anyone know if Smartevent is able to show the file history and trajectory of a file across an enterprise?

An example would be a file that was first seen 1 month ago in several gateways and/or endpoints, indicating attack vectors (SMTP, FTP, HTTP, etc) and properties of said file (size, hash, filename and extension, etc)

Then later, if the file is flagged as malicious and seen again on a gateway or endpoint, one could go to a smartevent report or view, search a file by md5 or filename and confirm which endpoints received that file and what was the attack vector.

Many thanks for your tips.

Best regards,

Pedro Madeira

2 Replies
PhoneBoy
Admin
Admin
‎2018-09-04 07:16 AM

This is actually part of what SandBlast Agent Forensics provides.

You can see in the reports exactly how an Endpoint got infected (where the file came from, how it propagated through the system, etc).

I assume without this you could search the logs for a given file/hash.

Pedro_Madeira
Collaborator
‎2018-09-06 07:24 AM
In response to PhoneBoy

Hi Dameon,

Yes, I know that part of those capabilities are part of the Sandblast agent forensics.

However I was looking for some of these reporting capabilities on the gateway side since this is probably being offered by Cisco competition on their AMP solution and the project doesn't involve an endpoint protection solution.

Thanks anyway for taking the time to reply to me.

PM

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    li.common.scroll-to.top