Hi all,
I am glad to announce a new version of the Check Point App for Splunk.
The new functionalities of the app allow you to:
- View Forensics and Threat Emulation reports directly from your Splunk with a single click.
- Assess your real-time security risks using a MITRE ATT&CK matrix live hit map based on streaming events.
- Get advanced analytics of malicious files found by SandBlast technologies using the MITRE ATT&CK framework.
MITRE ATT&CK is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.
The ATT&CK framework is important because it creates a common language in the security industry and provides a rich, easy-to-use intelligence database of the adversary's goals and modes of action.
MITRE ATT&CK matrix taken from Check Point App for Splunk
Check Point logs are now enriched with details of the attacks and classified into the relevant tactics and techniques.
SandBlast forensic reports now include a MITRE ATT&CK matrix mapping of the attack (see example).
MITRE ATT&CK on SmartLog
The new version of the app can be downloaded from Splunkbase: Check Point App for Splunk | Splunkbase.
For more information about Log Exporter and how to export log attachments (reports), please see SK122323.
For any questions, comments or suggestions, please contact cp_splunk_app_support@checkpoint.com.
Best Regards,
Shay Hibah