cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

Threat Prevention Portal Early Availability

Employee+
Employee+
3 6 1,142

Features                                                                                            

  • View top Threat Emulation reports generated from security gateways, endpoints in one central place
  • Sort, filter, archive and search reports according to date, delivery method, file type and more
  • Easily download the malware (be careful!) and indicator lists off the reports
  • Observe video recording of the malware, Malware DNA, suspicious activities and everything else that made Threat Emulation industry leading solution

 

How can I Join?

  1. Login to q.portal.checkpoint.com. If you don’t have an account, create a new one with your organization name
  2. Select the Threat Prevention Portal off the Infinity portal services
  3. Click “Try Now”

 

Note that your devices must be connected to Threat Emulation Cloud service in order to use Threat Prevention Portal. 

 

Questions?

Hit me at yoav@checkpoint.com

 

Already using it?

We'd love to hear your feedback! Please fill our questionnaire here - https://forms.gle/vKQsasBcboBxwbkz8

6 Comments
Employee+
Employee+

active.pngView the top reports in your organizationarchive.pngSort, archive and drag your reports as part of your daily workfilter.pngEasily filter your report findingsmssp.pngFilter by User Center account numbers or file name

 

 

 

 

Employee+
Employee+

FAQ:

 

Q. What will happen after I join the program?

A. You will be asked to supply the User Center account where your device are licensed on. From that point top Threat Emulation reports will be added to your view gradually. Initially you may see reports up to 1 week back.

 

Q. How are Threat Emulation reports displayed?

A. To prevent cluttering and congestion the reports displayed are prioritized based on the amount of times they've been seen the organization and their confidence. You will not see the same report twice (the key is the file's SHA1) even if it is seen multiple times. After a report has been reviewed it is recommended to archive it by clicking "Dismiss" on the events action.

 

Q. What are the keywords supported in the search-bar?

A. The keywords supported are confidence:<low|medium|high>, type:<file_type>, sha1:<sha1>, delivery:<web|mail|unknown>, from:<dd/mm/yyyy> , to:<dd/mm/yyyy>, name:<file_name>, client:<sba|sbn>, account:<UC_ID>. For example, to see all PDF files that were found malicious on Sandblast Agents, between the 15/12/2019-17/12/2019 and delivered by mail, use this query: "from:15/12/2019 to:17/12/2019 type:pdf delivery:mail client:sba". Between keywords an implicit AND is applied.

 

Q. I'm a partner or MSSP; will I find this portal useful?

A. Of course. All reports are tagged with the User Center account id of the device that created them, making it easy to filter between the specific customers' findings. 

Do I understand this correctly that this is on a "Beta Infinity Portal" and not on the production one?

So accounts are different between those two?

 

Employee+
Employee+

Hi Norbert,

 

You are correct - as this feature is in Early Availability it is still only available in our EA portal. You will need to create another account to access it.

 

Thanks.

Employee
Employee

When I click 'try now', I get a spinning circle.  Any suggestions? 

 

Thanks

Employee+
Employee+

Hey Jon,

 

Checking this.

 

UPDATE:  it looks like the portal changed so that manual on-boarding (as it is for the EA program) returns the spinning circle but we were still notified of the request. So if you get a spinning circle it's fine.

UPDATE #2:  after speaking with the relevant Product Manager we agreed this is a bad experience. It will be fixed to return a more informative screen.