snirh added a new solution:
Coming Soon: Bidirectional intelligence sharing and IOC prevention capabilities.
The LEA/DXL Connector establishes an OPSEC LEA (Log Extraction API) connection with the Check Point Log Server and, by default, receives logs from the following Blades:
- Threat Emulation
Check Point logs that contain information on detected threats are processed and published to preconfigured DXL subjects. The following subjects are used by default:
- /open/threat/fw/checkpoint/antibot for Anti-Bot logs (any severity)
- /open/threat/fw/checkpoint/threatemulation for Anti-Virus and Threat Emulation logs (malicious files only)