Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
PhoneBoy
Admin
Admin

Check Point Active-Response Add-on for Splunk

We are happy to announce the Check Point Active Response Add-on is now available on Splunkbase: Check Point Adaptive Response Add-on | Splunkbase 

This initiative was created to help SOCs (Security Operations Centers) create and deliver a consolidated threat response across all products. This new AR Add-on will allow our joint customers to extract malicious IOCs from the Splunk environment and push them to Check Point gateways for enforcement:

 

  • Fetch IOC values => user can write search queries to automatically fetch IOCs or manually input IOCs from Splunk ES Incident Review Dashboard
  • Create a csv file with IOC values/types/metadata
  • Push csv file to Check Point gateway for policy enforcement           

The Check Point Gateway side of this is based on the Custom Intelligence Feeds" feature, currently in Early Availability for R80.10 Gateways.

For more information and to join the EA, refer to: What is "Custom Intelligence Feeds" feature? 

2 Replies
DeletedUser
Not applicable

ICYMI, we have documented this in Check Point Adaptive Response Add-on for Splunk v1.0 User Guide.  

0 Kudos
ToRo
Employee
Employee

Hi, any updates on the documentation and configuration steps?

What feedback from users/customers?

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events