Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 

Threat Prevention Portal Early Availability

Yoav_Lasman
Employee Alumnus
Employee Alumnus
3 7 7,275

Features                                                                                            

  • View top Threat Emulation reports generated from security gateways, endpoints in one central place
  • Sort, filter, archive and search reports according to date, delivery method, file type and more
  • Easily download the malware (be careful!) and indicator lists off the reports
  • Observe video recording of the malware, Malware DNA, suspicious activities and everything else that made Threat Emulation industry leading solution

 

How can I Join?

  1. Login to q.portal.checkpoint.com. If you don’t have an account, create a new one with your organization name
  2. Select the Threat Prevention Portal off the Infinity portal services
  3. Click “Try Now”

 

Note that your devices must be connected to Threat Emulation Cloud service in order to use Threat Prevention Portal. 

 

Questions?

Hit me at yoav@checkpoint.com

 

Already using it?

We'd love to hear your feedback! Please fill our questionnaire here - https://forms.gle/vKQsasBcboBxwbkz8

7 Comments
Yoav_Lasman
Employee Alumnus
Employee Alumnus

 

See the top reports in your organizationSee the top reports in your organizationEasily filter your findingsEasily filter your findingsDrag, sort and define workflows with your peersDrag, sort and define workflows with your peersArchive your reports for historical reviewsArchive your reports for historical reviewsGet notifications by mail for new reportsGet notifications by mail for new reports

Yoav_Lasman
Employee Alumnus
Employee Alumnus

FAQ:

 

Q. What will happen after I join the program?

A. You will be asked to supply the User Center account where your device are licensed on. From that point top Threat Emulation reports will be added to your view gradually. Initially you may see reports up to 1 week back.

 

Q. How are Threat Emulation reports displayed?

A. To prevent cluttering and congestion the reports displayed are prioritized based on the amount of times they've been seen the organization and their confidence. You will not see the same report twice (the key is the file's SHA1) even if it is seen multiple times. After a report has been reviewed it is recommended to archive it by clicking "Dismiss" on the events action. Anyhow, no more then 200 reports will be displayed at once so to narrow down the view the search-bar should be used. 

 

Q. What are the keywords supported in the search-bar?

A. The keywords supported are confidence:<low|medium|high>, type:<file_type>, sha1:<sha1>, delivery:<web|mail|unknown>, from:<dd/mm/yyyy> , to:<dd/mm/yyyy>, name:<file_name>, client:<sba|sbn>, account:<UC_ID>. For example, to see all PDF files that were found malicious on Sandblast Agents, between the 15/12/2019-17/12/2019 and delivered by mail, use this query: "from:15/12/2019 to:17/12/2019 type:pdf delivery:mail client:sba". Between keywords an implicit AND is applied.

 

Q. I'm a partner or MSSP; will I find this portal useful?

A. Of course. All reports are tagged with the User Center account id of the device that created them, making it easy to filter between the specific customers' findings. 

 

Q. How can I keep up-to-date with my events?

A. It's possible to define a list of recipients to be notified when new reports are added to the portal. 

Norbert_Bohusch
Advisor

Do I understand this correctly that this is on a "Beta Infinity Portal" and not on the production one?

So accounts are different between those two?

 

Yoav_Lasman
Employee Alumnus
Employee Alumnus

Hi Norbert,

 

You are correct - as this feature is in Early Availability it is still only available in our EA portal. You will need to create another account to access it.

 

Thanks.

Jon_Fallon
Employee Alumnus
Employee Alumnus

When I click 'try now', I get a spinning circle.  Any suggestions? 

 

Thanks

Yoav_Lasman
Employee Alumnus
Employee Alumnus

Hey Jon,

 

Checking this.

 

UPDATE:  it looks like the portal changed so that manual on-boarding (as it is for the EA program) returns the spinning circle but we were still notified of the request. So if you get a spinning circle it's fine.

UPDATE #2:  after speaking with the relevant Product Manager we agreed this is a bad experience. It will be fixed to return a more informative screen. 

Yoav_Lasman
Employee Alumnus
Employee Alumnus

Hi All,

 

Following your feedback it is now possible to define a list of recipients to be notified when a new report is found and added to the portal.

This will improve the portal experience as till today the user had to visit the portal proactively in order to check for updates.

 

Check he FAQ above to learn how to do it.

Labels