Dameon Welch-Abernathy

Check Point Active-Response Add-on for Splunk

Discussion created by Dameon Welch-Abernathy Moderator on Aug 27, 2018

We are happy to announce that the Check Point Active Response Add-on is now available on Splunkbase: Check Point Adaptive Response Add-on | Splunkbase

This initiative was created to help SOCs (Security Operations Centers) create and deliver a consolidated threat response across all products. The new AR Add-on allows our joint customers to extract malicious IOCs from the Splunk environment and push them to Check Point gateways for enforcement:

  • Fetch IOC values: users can write search queries that fetch IOCs automatically, or enter IOCs manually from the Splunk ES Incident Review dashboard
  • Create a CSV file containing the IOC values, types and metadata
  • Push the CSV file to the Check Point gateway for policy enforcement
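The first two steps above, as an added example that is not part of the add-on or of this post: it takes constructed Splunk-style result rows, classifies each IOC value, drops private addresses and duplicates that should never reach an enforcement feed, and writes the value/type/metadata CSV. The input field names and the CSV column layout are assumptions, since the post does not specify the feed format.

```python
import csv
import io
import ipaddress
import re
from typing import Dict, List, Optional

# Constructed sample rows in the shape of Splunk search results (not real data);
# the field names "ioc", "source" and "comment" are assumptions.
SAMPLE_RESULTS = [
    {"ioc": "198.51.100.23", "source": "ES notable", "comment": "C2 beacon"},
    {"ioc": "10.0.0.5", "source": "ES notable", "comment": "internal host"},
    {"ioc": "malicious.example", "source": "threat intel", "comment": "phishing"},
    {"ioc": "http://malicious.example/login", "source": "threat intel", "comment": "phishing page"},
    {"ioc": "d41d8cd98f00b204e9800998ecf8427e", "source": "sandbox", "comment": "dropper md5"},
    {"ioc": "198.51.100.23 ", "source": "ES notable", "comment": "duplicate"},
    {"ioc": "not an ioc!", "source": "typo", "comment": ""},
]

# Ranges an enforcement feed must never contain: pushing one would block internal hosts.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]
DOMAIN_RE = re.compile(r"^([a-z0-9-]{1,63}\.)+[a-z]{2,63}$", re.I)
HASH_TYPES = {32: "MD5", 40: "SHA1", 64: "SHA256"}


def classify_ioc(value: str) -> Optional[str]:
    """Return the IOC type (IP, Domain, URL, MD5, SHA1, SHA256) or None if unusable."""
    v = value.strip()
    try:
        ip = ipaddress.ip_address(v)
        return None if any(ip in net for net in INTERNAL_NETS) else "IP"
    except ValueError:
        pass
    if re.fullmatch(r"[0-9a-f]+", v, re.I) and len(v) in HASH_TYPES:
        return HASH_TYPES[len(v)]
    if v.lower().startswith(("http://", "https://")):
        return "URL"
    if DOMAIN_RE.match(v):
        return "Domain"
    return None


def build_ioc_rows(results: List[Dict[str, str]]) -> List[List[str]]:
    """Deduplicate and classify the results; returns [value, type, source, comment] rows."""
    rows, seen = [], set()
    for r in results:
        value, ioc_type = r["ioc"].strip(), classify_ioc(r["ioc"])
        if ioc_type is None or (value.lower(), ioc_type) in seen:
            continue  # skip unusable values and repeats
        seen.add((value.lower(), ioc_type))
        rows.append([value, ioc_type, r.get("source", ""), r.get("comment", "")])
    return rows


def build_ioc_csv(results: List[Dict[str, str]]) -> str:
    """Render the CSV text to be pushed to the gateway (column names are an assumption)."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["value", "type", "source", "comment"])
    writer.writerows(build_ioc_rows(results))
    return buf.getvalue()
```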

The Check Point gateway side of this is based on the "Custom Intelligence Feeds" feature, currently in Early Availability for R80.10 gateways.

For more information, and to join the EA, refer to: What is "Custom Intelligence Feeds" feature?