We are happy to announce the Check Point Adaptive Response Add-on is now available on Splunkbase: Check Point Adaptive Response Add-on | Splunkbase
This initiative was created to help SOCs (Security Operations Centers) create and deliver a consolidated threat response across all products. This new AR Add-on will allow our joint customers to extract malicious IOCs from the Splunk environment and push them to Check Point gateways for enforcement:
- Fetch IOC values => the user can write search queries to fetch IOCs automatically, or input IOCs manually from the Splunk ES Incident Review dashboard
- Create a csv file with IOC values/types/metadata
- Push csv file to Check Point gateway for policy enforcement
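The three steps above, worked through in code, as an added illustration that is not part of the add-on itself: a constructed set of Splunk notable-event results is validated, de-duplicated and written to the CSV that would be handed to the gateway. The column layout (UNIQ-NAME, VALUE, TYPE, CONFIDENCE, SEVERITY, PRODUCT, COMMENT) and the type names are assumptions modelled on Check Point's custom feed format; confirm them against the gateway documentation before use. The validation step is the part worth copying: an indicator that reaches an enforcement point should be well-formed, and internal address space should never be pushed by mistake.

```python
import csv
import io
import ipaddress
import re

# Constructed sample of what a Splunk search over ES notable events might
# return: one dict per hit, with the indicator value and its type.
SAMPLE_EVENTS = [
    {"ioc": "203.0.113.45", "type": "ip", "source": "ES notable 1001"},
    {"ioc": "203.0.113.45", "type": "ip", "source": "ES notable 1002"},   # duplicate hit
    {"ioc": "bad-example.test", "type": "domain", "source": "ES notable 1003"},
    {"ioc": "http://bad-example.test/login.php", "type": "url", "source": "ES notable 1004"},
    {"ioc": "d41d8cd98f00b204e9800998ecf8427e", "type": "md5", "source": "ES notable 1005"},
    {"ioc": "10.0.0.7", "type": "ip", "source": "ES notable 1006"},       # internal address: must not be pushed
    {"ioc": "not a hash", "type": "md5", "source": "ES notable 1007"},    # malformed indicator
]

# Assumed column layout, modelled on Check Point's custom feed CSV.
FIELDS = ["UNIQ-NAME", "VALUE", "TYPE", "CONFIDENCE", "SEVERITY", "PRODUCT", "COMMENT"]

# Address ranges that an enforcement feed must never contain (RFC 1918,
# loopback, link-local, multicast, "this" network, broadcast).
NEVER_ENFORCE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "224.0.0.0/4", "0.0.0.0/8", "255.255.255.255/32")]

MD5_RE = re.compile(r"^[0-9a-f]{32}$")
DOMAIN_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)(\.(?!-)[a-z0-9-]{1,63}(?<!-))+$")


def normalize(ioc, ioc_type):
    """Return (value, feed_type) if the indicator is well-formed and safe to
    enforce, otherwise None. feed_type names are assumed, not confirmed."""
    value = ioc.strip()
    t = ioc_type.lower()
    if t == "ip":
        try:
            addr = ipaddress.ip_address(value)
        except ValueError:
            return None
        if any(addr in net for net in NEVER_ENFORCE):
            return None
        return (str(addr), "IP")
    if t == "domain":
        value = value.lower().rstrip(".")
        return (value, "Domain") if DOMAIN_RE.match(value) else None
    if t == "url":
        return (value, "URL") if value.startswith(("http://", "https://")) else None
    if t == "md5":
        value = value.lower()
        return (value, "MD5") if MD5_RE.match(value) else None
    return None  # unknown type: refuse rather than guess


def build_feed(events, product="Anti-Bot"):
    """Validate and de-duplicate indicators; return (csv_text, rejected_events).
    Duplicate hits are merged and their sources kept in the COMMENT column so
    the feed records why each indicator is there."""
    seen = {}
    rejected = []
    for ev in events:
        result = normalize(ev["ioc"], ev["type"])
        if result is None:
            rejected.append(ev)
            continue
        value, feed_type = result
        key = (feed_type, value)
        if key in seen:
            seen[key]["COMMENT"] += "; " + ev["source"]
            continue
        seen[key] = {
            "UNIQ-NAME": f"splunk-{feed_type.lower()}-{len(seen) + 1}",
            "VALUE": value, "TYPE": feed_type, "CONFIDENCE": "high",
            "SEVERITY": "high", "PRODUCT": product, "COMMENT": ev["source"],
        }
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(seen.values())
    return buf.getvalue(), rejected


if __name__ == "__main__":
    feed, dropped = build_feed(SAMPLE_EVENTS)
    print(feed)
    for ev in dropped:
        print("rejected:", ev["ioc"], "from", ev["source"])
```

The rejected list is returned rather than silently discarded so the SOC can review why an indicator did not make it into the feed; in the sample, the RFC 1918 address and the malformed hash are the two that are held back.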
The Check Point Gateway side of this is based on the "Custom Intelligence Feeds" feature, currently in Early Availability for R80.10 Gateways.
For more information and to join the EA, refer to: What is "Custom Intelligence Feeds" feature?