Partner Check Point LEA/DXL Connector 1.0

The Check Point LEA/DXL Connector, combined with the Check Point Plug-in for McAfee ePO, forwards intelligence from Check Point Threat Prevention Blades over DXL.

Coming Soon: Bidirectional intelligence sharing and IOC prevention capabilities.

The LEA/DXL Connector establishes an OPSEC LEA (Log Extraction API) connection with the Check Point Log Server, and will, by default, receive logs from the following Blades:

  • Threat Emulation
  • Anti-Bot
  • Anti-Virus

Check Point logs that contain information on detected threats will be processed and published to preconfigured DXL subjects. These subjects are used by default:

  • /open/threat/fw/checkpoint/antibot for Anti-Bot logs (any severity)
  • /open/threat/fw/checkpoint/threatemulation for Anti-Virus and Threat Emulation logs (malicious files only)

Please see sk116678 in the Check Point Support Center for more information.

  • Version 1.0

    First release of the LEA/DXL Connector.