Bring Your CloudMates!
CheckMates Go:
Is It XDR or MDR?
Join the Premier Event for
Securing Users & Access
Talking Cloud Podcast:
Joe Sullivan, CSO @ Cloudflare
End of Support Policy Update
For R80.10 Release
grandpafirewall
In an effort to start building the Check Point/Phantom ecosystem, I'm posting an integration document I created to share with the community; and to understand the need to increase our footprint with Phantom (now Splunk Phantom). I have a Github site setup for to collect Playbooks; json; rpm's; and Python files (see below) The document is still in draft and currently under review and will welcome any feedback. The document is an integration guide and is not the authority nor a tutorial for Phantom. The Phantom management portal has a very extensive documentation.
The document was written with R80.10, but I'm currently testing R80.20M2 with this as the API features are much more extensive.
The R80 REST API is very powerful and will continue to have features added in future releases.
Github: GitHub - rickdevera/phantom-checkpoint
automation
/richard devera
For the full list of White Papers, go here.
Hey Rick, which other playbooks except block/allow IP you use or plan to use within your org?
grandpafirewall
I'm working with a Check Point partner to demonstration the how we fit into their existing services. The Playbooks aren't limited to just the Check Point functions. You can use combine other Apps and their Actions to be used in a single Playbook, (For example, I can gather information gained from other Assets (ie VendorX firewall, URL service, etc) and take action. The Check Point playbook I created is very basic, and only demonstrates how I can use it with our API. So we should develop more Apps that can be used in Playbooks. For example, our Threat Cloud API can be used if we can create an App. Does this help?
Chris_Atkinson
Thanks for sharing!
About CheckMates
Learn Check Point
Advanced Learning
WELCOME TO THE FUTURE OF CYBER SECURITY