
MITRE ATT&CK Extension

SmartEvent Type: ab, Extension, IPS, MITRE, MITRE ATT&CK, SmartConsole,

Oren_Koren
Employee Alumnus
Verified By CP


In today's world of emerging threats, MITRE ATT&CK allows us to better understand the attacker's intent and take action on the threats that have been detected.

 

The MITRE ATT&CK extension to SmartConsole (R80.30 version and above) exposes the attacker's intent by automatically analyzing your logs and using them to expose your own ATT&CK landscape and the mitigations you need to take.

  • The extension is focused on analyzing IPS & AB logs and has a dependency on SmartEvent that
...





6 Replies

MikeB
Advisor

Thanks Oren! 

Can this also work for SandBlast Agent? I know we can see a special view under Threat Hunting, but we are unable to generate a report based on Threat Hunting queries.



Oren_Koren
Employee Alumnus

Hey Mike,

It is not working for now on the raw logs of the agent.

We are extracting all the MITRE content from our agent to the Forensics, but on the agent side we are mainly focused on threat hunting and full MITRE coverage in the cloud deployment.



0 Kudos

Daniel_
Advisor

Why is it not possible to use this extension without approving CP to use metadata and application usage?

Internal policies disallow me from using such applications 🙄



0 Kudos

Oren_Koren
Employee Alumnus

Hey,

The extension is complimentary to our customers.

We have just released it, and the main goal is to understand if there are errors and what the customer flow of usage is, in order to improve it.

We do not collect any info on the network of the customer, just the usage (where he clicked and what the errors are) - that's how we can improve a web application that is complimentary and provided without any payment.



0 Kudos

Peter_Roth
Explorer

Hi Oren,

I'm trying to run the extension and I just get the error "Sorry, there was a problem loading the page...".

Any idea how to solve it?



0 Kudos

mkuehn
Explorer

Does it work with MDM?



0 Kudos