Dameon Welch-Abernathy

Check Point Active-Response Add-on for Splunk

Discussion created by Dameon Welch-Abernathy Moderator on Aug 27, 2018
Latest reply on Nov 20, 2018 by Bob Bent

We are happy to announce the Check Point Active Response Add-on is now available on Splunkbase: Check Point Adaptive Response Add-on | Splunkbase

This initiative was created to help SOCs (Security Operations Centers) create and deliver a consolidated threat response across all products. This new AR Add-on will allow our joint customers to extract malicious IOCs from the Splunk environment and push them to Check Point gateways for enforcement:


  • Fetch IOC values => the user can write search queries to automatically fetch IOCs, or manually input IOCs from the Splunk ES Incident Review Dashboard
  • Create a CSV file with the IOC values/types/metadata
  • Push the CSV file to the Check Point gateway for policy enforcement
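The three steps above, as an added example that is not the add-on's own code: a Python sketch of step 2 that checks each indicator against its declared type before it can reach an enforcement point, drops duplicates and writes the CSV. The column names, the indicator types (ip, domain), the field names of the Splunk rows and the sample rows are assumptions, since the Custom Intelligence Feeds schema is not described on this page.

```python
import csv
import io
import ipaddress
import re

# Column layout is an assumption for illustration; the real Custom
# Intelligence Feeds schema is Check Point's, not shown on this page.
FIELDS = ["value", "type", "source", "comment"]
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,63}$")

def is_valid(value, ioc_type):
    """Return True only if the indicator matches its declared type."""
    if ioc_type == "ip":
        try:
            ipaddress.ip_address(value)
            return True
        except ValueError:
            return False
    if ioc_type == "domain":
        return bool(DOMAIN_RE.match(value.lower()))
    return False  # unknown type: never pass it to enforcement unchecked

def build_feed(events, source="splunk-es"):
    """Turn Splunk result rows into a deduplicated CSV; return (csv_text, rejected_rows)."""
    seen, rejected = set(), []
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    for ev in events:
        value = ev.get("ioc", "").strip()
        ioc_type = ev.get("ioc_type", "").strip().lower()
        if not is_valid(value, ioc_type):
            rejected.append(ev)  # malformed rows are reported, not enforced
            continue
        key = (value.lower(), ioc_type)
        if key in seen:
            continue
        seen.add(key)
        writer.writerow({"value": value, "type": ioc_type, "source": source, "comment": ev.get("rule", "")})
    return buf.getvalue(), rejected

# Constructed sample search results (hypothetical field names, not real data)
SAMPLE_EVENTS = [
    {"ioc": "203.0.113.7", "ioc_type": "ip", "rule": "Beaconing"},
    {"ioc": "203.0.113.7", "ioc_type": "ip", "rule": "Beaconing"},
    {"ioc": "bad.example.com", "ioc_type": "domain", "rule": "DNS to known bad"},
    {"ioc": "not an ip", "ioc_type": "ip", "rule": "Malformed field"},
]
```

Running `build_feed(SAMPLE_EVENTS)` yields two CSV rows (the duplicate IP collapsed) and one rejected row for review.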


The Check Point Gateway side of this is based on the "Custom Intelligence Feeds" feature, currently in Early Availability for R80.10 Gateways.

For more information and to join the EA, refer to: What is "Custom Intelligence Feeds" feature?