This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Help

Who rated this post

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Tal_Ben_Bassat
MVP MVP
MVP
‎2025-09-26 03:14 AM

Playblocks Highlights: Powerful Automations You Might’ve Missed 🚀

 

Playblocks Highlights: Powerful Automations You Might’ve Missed 

 

Hey CheckMates!
We’re kicking off a new Playblocks Highlights series. These are short, practical posts that surface useful insights across automations, connectors, and pro tips you can put to work immediately. First up: predefined automations you might not have tried yet.

💡 Playblocks makes automation accessible. No scripts - just ready‑to‑run workflows that strengthen your defenses and save your team time.

 

De‑isolate a potentially clean Microsoft Defender machine

What it does: Removes isolation from a Defender machine that is now assessed as clean - streamlining recovery and minimizing downtime.
Supported product: Microsoft Defender connector
Trigger: When a potentially clean isolated machine is detected.
Approval step: Runs upon administrator approval to avoid premature de‑isolation

 

Block malicious file indicator identified by Threat Extraction (Harmony Endpoint)

What it does: Adds malicious file indicators identified by Threat Extraction (Harmony Endpoint) into an IOC feed to update threat intel and block propagation.
Supported products: Harmony Endpoint; Infinity IoC Management (IoC Enforcement connector)
Trigger: Match on malicious file indicator with high confidence.

 

Note: there are multiple IOC automations available that can expand your feed from different vendors - Quantum, Harmony Endpoint, Microsoft Defender, CrowdStrike, and SentinelOne. 

Tal_Ben_Bassat_3-1758880624669.png

 

Block attacking IP with malicious reputation identified by IPS

What it does: Automatically blocks IP addresses flagged as attackers, ensuring immediate protection across your environment.
Supported product: Quantum Enforcement connector
Trigger: Attacking IP identified through security logs.

 

Bonus: Once connecting Quantum Enforcement connector, this also unlocks the ability to build custom AI‑generated automations that include IP blocking.

 

Alert on VPN certificate expiration on Quantum Gateway

What it does: Proactively alerts (and can open a ticket) when VPN certificates are about to expire or have expired, so you can renew before downtime.
Supported product: Quantum
Trigger: VPN certificate is expired or within your warning window.
Key parameters:

  • Attempt frequency for checking expirations
  • Alert when certs are about to expire
  • Warning window ("about to expire within")
  • Re‑alert interval per gateway
  • Open a ticket if certificates are expired
    💡 Pro Tip: Schedule alerts with enough lead time to renew - set ticket creation to auto‑open so no one misses it.

 

Isolate potentially infected CrowdStrike device (enforced by Endpoint)

What it does: Auto‑isolates CrowdStrike‑flagged devices with high‑severity infections to prevent lateral movement.
Supported product: CrowdStrike connector
Trigger: High‑severity infection (for example malware/virus) detected by CrowdStrike.

Isolate potentially infected SentinelOne device (enforced by Endpoint)

What it does: Isolates SentinelOne‑flagged devices with high‑severity threats to stop spread quickly.
Supported product: SentinelOne connector
Trigger: High‑severity infection detected by SentinelOne

 

Have in mind some Quantum automation that doesn’t exist today in our out‑of‑the‑box automations?

You can easily make it happen by creating an automation with AI.

 

If you can think it - you can build it. Simply describe the outcome you want, and AI Copilot will propose a ready‑to‑run flow you can edit and refine.

 

Tal_Ben_Bassat_0-1758880046364.png

Tal_Ben_Bassat_1-1758880046375.png

 

Try it now

Jump into your tenant and explore these out‑of‑the‑box flows (and build your own):
👉 Start using Automations today

 

Tell us what to highlight next

This series will keep shining a light on value across Playblocks - more automations, connectors more tips. What would you like to see?
Feedback & requests: PlayBlocks-Feedback@checkpoint.com 

 

(3)
Who rated this post