Shay_Hibah
Employee Alumnus

*New Version* of Check Point App for Splunk

Hi all,

I am glad to announce a new version of Check Point App for Splunk.
The new functionalities of the app allow you to:

  1. View Forensics and Threat Emulation reports directly from your Splunk with only one click.
  2. Assess your real-time security risks using a MITRE ATT&CK matrix live hit map based on streaming events.
  3. Get advanced analytics of malicious files found by SandBlast technologies using the MITRE ATT&CK framework.


MITRE ATT&CK is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.
The ATT&CK framework is important because it creates a common language in the security industry and provides a rich, easy-to-use intelligence database of the adversary's goals and modes of action.

[Image: MITRE ATT&CK matrix taken from Check Point App for Splunk]


Check Point logs are now enriched with details of the attacks and classified into the relevant tactics and techniques.
SandBlast forensic reports now include a MITRE ATT&CK matrix mapping of the attack (see example).

[Image: MITRE ATT&CK on SmartLog]


The new version of the app can be downloaded from Splunkbase: Check Point App for Splunk | Splunkbase.
For more information about Log Exporter and how to export log attachments (reports), please see SK122323.

For any question, comment or suggestion, please contact cp_splunk_app_support@checkpoint.com.

Best Regards,
Shay Hibah
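The post describes a live ATT&CK hit map built from streaming, tactic/technique-enriched log events. The following is an added illustration of that idea written for this page; it is not code from the post, the Check Point app or Splunk. The JSON log lines are constructed, and the field names `mitre_tactic` and `mitre_technique` are assumptions chosen for the example, not the app's actual field names. It shows the defender-side bookkeeping: parse each event, skip lines that are malformed or not enriched, accept one or several techniques per event, and keep a running count per (tactic, technique) cell.

```python
"""Tally ATT&CK-enriched log events into a tactic x technique hit map.

Added example for this page (not Check Point or Splunk code). Field names
below are assumptions for illustration only.
"""
import json
from collections import Counter
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed sample log lines: not real product output.
SAMPLE_LOG_LINES: List[str] = [
    '{"time":"2019-11-04T10:00:01Z","product":"Threat Emulation",'
    '"mitre_tactic":"Execution","mitre_technique":"T1204"}',
    '{"time":"2019-11-04T10:00:07Z","product":"Threat Emulation",'
    '"mitre_tactic":"Execution","mitre_technique":"T1204"}',
    # One event may map to several techniques within a tactic.
    '{"time":"2019-11-04T10:00:09Z","product":"Anti-Bot",'
    '"mitre_tactic":"Command and Control","mitre_technique":["T1071","T1105"]}',
    '{"time":"2019-11-04T10:00:15Z","product":"Threat Emulation",'
    '"mitre_tactic":"Defense Evasion","mitre_technique":"T1027"}',
    # Not enriched (plain firewall accept): contributes nothing to the map.
    '{"time":"2019-11-04T10:00:20Z","product":"Firewall","action":"Accept"}',
    # Malformed input must be skipped rather than abort the stream.
    'this line is not JSON at all',
]

HitMap = Dict[Tuple[str, str], int]


def parse_event(line: str) -> Optional[dict]:
    """Return the event as a dict, or None for malformed / non-object lines."""
    try:
        event = json.loads(line)
    except json.JSONDecodeError:
        return None
    return event if isinstance(event, dict) else None


def attack_pairs(event: dict) -> List[Tuple[str, str]]:
    """Extract (tactic, technique) cells; empty if the event is not enriched."""
    tactic = event.get("mitre_tactic")
    techniques = event.get("mitre_technique")
    if not tactic or not techniques:
        return []
    if isinstance(techniques, str):
        techniques = [techniques]
    return [(tactic, str(t)) for t in techniques]


def update_hit_map(hits: Counter, line: str) -> None:
    """Streaming step: fold one incoming log line into the running counts."""
    event = parse_event(line)
    if event is not None:
        hits.update(attack_pairs(event))


def build_hit_map(lines: Iterable[str]) -> HitMap:
    """Batch convenience: run the streaming step over every line."""
    hits: Counter = Counter()
    for line in lines:
        update_hit_map(hits, line)
    return dict(hits)


def top_cells(hits: HitMap, n: int = 3) -> List[Tuple[Tuple[str, str], int]]:
    """Hottest cells first; ties broken alphabetically for stable output."""
    return sorted(hits.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


def render_matrix(hits: HitMap) -> str:
    """Plain-text view: one row per tactic, technique counts on the row."""
    rows: Dict[str, List[str]] = {}
    for (tactic, technique), count in sorted(hits.items()):
        rows.setdefault(tactic, []).append(f"{technique}={count}")
    return "\n".join(f"{tactic}: {' '.join(cells)}" for tactic, cells in rows.items())


if __name__ == "__main__":
    hit_map = build_hit_map(SAMPLE_LOG_LINES)
    print(render_matrix(hit_map))
    print("hottest:", top_cells(hit_map, 1))
```

In a real pipeline the streaming step would be fed by the log exporter output rather than a list, and the rendered matrix would be a dashboard panel; the point of the example is that the map is just a Counter keyed by (tactic, technique) that tolerates unenriched and malformed events.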
