snirh added a new solution:
Coming Soon: Bidirectional intelligence sharing and IOC prevention capabilities.
The LEA/DXL Connector establishes an OPSEC LEA (Log Extraction API) connection with the Check Point Log Server, and will, by default, receive logs from the following Blades:
- Threat Emulation
- Anti-Bot
- Anti-Virus
Check Point logs that contain information on detected threats will be processed and published to preconfigured DXL subjects. These subjects are used by default:
- /open/threat/fw/checkpoint/antibot for Anti-Bot logs (any severity)
- /open/threat/fw/checkpoint/threatemulation for Anti-Virus and Threat Emulation logs (malicious files only)
Please see sk116678 in the Check Point Support Center for more information.