Re: MITRE ATT&CK Extension

Oren_Koren

in today world of emerging threat, MITRE ATT&CK allows us to understand better the attacker intent and take actions upon the threats that has been detected.

the MITRE ATT&CK extension to SmartConsole (R80.30 version and above) expose the attackers intent by analyzing automatically your logs and use them to expose your own ATT&CK landscape and the Mitigations you need to take.

The extension is focus on analyzing IPS & AB logs and have a dependency on SmartEvent that needed to be enabled.
The report capability is available from R81.10 and will be ported to older versions after R81.10 GA release.

The community version can be downloaded from this link:

https://secureupdates.checkpoint.com/appi/mitre/mitre_network/extension.json

if you have any questions, inputs, challenges - please update us or send a direct email to orenkor@checkpoint.com

MikeB · ‎2021-05-12

Thanks Oren!

This also can work for Sandblast Agent?? I know we can see a special view under Threat Hunting but we are unable to generate a report based on Threat Hunting querys

Oren_Koren · ‎2021-05-12

Hey Mike,

it is not working for now on the raw logs of the agent.

we are extracting all the MITRE content from our agent to the Forensics but in the agent side we are mainly focused on the threat hunting and full MITRE coverage in the cloud deployment.

Daniel_ · ‎2021-05-17

Why is it not possible to use this extension without approving CP to use metadata and application usage?

Internal policies disallow me to use such applications 🙄

Oren_Koren · ‎2021-05-19

Hey,

the extension is complementary to our customers.

we have just released it and the main goal is to understand if there are errors and what is the customer flow of usage to improve it.

we do not collect any info on the network of the customer, just the usage (where he clicked and what are the errors) - thats how we can improve a web application that is a complementary and without any payment for.

Peter_Roth · ‎2021-06-03

Hi Oren,

I'm trying to run extension and I have just error "Sorry, there was a problem loading the page...".

Any idea to solve ?

mkuehn · ‎2022-04-04

Das it work with MDM?

Filters

Sort By

Categories

MITRE ATT&CK Extension

SmartEvent Type: ab, Extension, IPS, MITRE, MITRE ATT&CK, SmartConsole,

Disclaimer: Check Point does not provide maintenance services or technical or customer support for third party content provided on this Site, including in CheckMates Toolbox. See also our Third Party Software Disclaimer.