Partner Check Point LEA/DXL Connector 1.0

snirh
Jul 17th 2017
1.7k Downloads
0 Comments

Website: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk116678

The Check Point LEA/DXL Connector, combined with the Check Point Plug-in for McAfee ePO, forwards intelligence from Check Point Threat Prevention Blades over DXL.

Coming Soon: Bidirectional intelligence sharing and IOC prevention capabilities.

The LEA/DXL Connector establishes an OPSEC LEA (Log Extraction API) connection with the Check Point Log Server, and will, by default, receive logs from the following Blades:

Threat Emulation
Anti-Bot
Anti-Virus

Check Point logs that contain information on detected threats will be processed and published to preconfigured DXL subjects. These subjects are used by default:

/open/threat/fw/checkpoint/antibot for Anti-Bot logs (any severity)
/open/threat/fw/checkpoint/threatemulation for Anti-Virus and Threat Emulation logs (malicious files only)

Please see sk116678 in the Check Point Support Center for more information.

Version 1.0
- Jul 17th 2017
- 1.7k Downloads
First release of the LEA/DXL Connector.

Partner Check Point LEA/DXL Connector 1.0

Version 1.0

jjmin4

Share