Check Point
Check Point - Comprehensive cybersecurity solutions, including firewalls and threat prevention.
Provider: Check Point
Detection Rule | MITRE Tactic | MITRE Technique | Criticality
---|---|---|---
Failed Firewall Rule Matches | Reconnaissance | Active Scanning (T1595) | High
VPN Access from Anomalous Locations | Initial Access | Valid Accounts (T1078) | Critical
Malicious File Transfer Detected | Exfiltration | Exfiltration Over C2 Channel (T1041) | High
Intrusion Prevention System (IPS) Alert for Exploit | Lateral Movement | Exploitation of Remote Services (T1210) | Critical
High Rate of Firewall Alerts | Discovery | Network Service Discovery (T1046) | High
Unusual HTTP Traffic Patterns | Command and Control | Application Layer Protocol: Web Protocols (T1071.001) | High
DNS Queries to Malicious Domains | Command and Control | Dynamic Resolution: Domain Generation Algorithms (T1568.002) | Critical
Unauthorized Changes to Firewall Policies | Defense Evasion | Impair Defenses: Disable or Modify System Firewall (T1562.004) | Critical
Unrecognized Device Connecting to the Network | Initial Access | External Remote Services (T1133) | High
High Volume of SSH Connections | Command and Control | Protocol Tunneling (T1572) | Medium
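Three of the rules above expressed as detection logic over constructed sample log lines. This is an added example, not Check Point's own detection code or API: the key=value log layout and field names (time, product, src, dst, service, action, user, country, dns_query), the thresholds, and the blocklist are all assumptions chosen for illustration. It covers High Volume of SSH Connections as a sliding-window count per source, VPN Access from Anomalous Locations as a different-country-within-an-hour check on consecutive logins, and DNS Queries to Malicious Domains as an exact-or-subdomain match against a blocklist.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (not real Check Point output). Field names are
# assumptions: two VPN logins for the same user 20 minutes apart from different
# countries, one benign SSH connection, a burst of 25 SSH connections from one
# host within 25 seconds, and two DNS queries, one to a blocklisted domain.
SAMPLE_LOGS = "\n".join(
    ["time=2024-05-01T08:00:01Z product=VPN user=alice country=DE action=Login",
     "time=2024-05-01T08:20:00Z product=VPN user=alice country=BR action=Login",
     "time=2024-05-01T08:30:00Z product=VPN user=bob country=US action=Login",
     "time=2024-05-01T08:05:00Z product=Firewall src=10.1.1.8 dst=10.2.0.1 service=ssh action=Accept",
     "time=2024-05-01T08:05:01Z product=DNS src=10.1.1.9 dns_query=cdn.example.test action=Accept",
     "time=2024-05-01T08:05:02Z product=DNS src=10.1.1.9 dns_query=update.bad-domain.test action=Accept"]
    + [f"time=2024-05-01T08:10:{i:02d}Z product=Firewall src=10.1.1.7 dst=10.2.0.{i + 1} "
       f"service=ssh action=Accept" for i in range(25)]
)

# Hypothetical blocklist; a real deployment would load threat-intel feeds here.
BLOCKLIST = {"bad-domain.test", "evil.test"}

KV = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Parse one 'key=value key=value' line into a dict; 'time' becomes a datetime."""
    ev = dict(KV.findall(line))
    if "time" in ev:
        ev["time"] = datetime.strptime(ev["time"], "%Y-%m-%dT%H:%M:%SZ")
    return ev


def parse_logs(text):
    """Parse all non-empty lines and return them in time order."""
    return sorted((parse_line(l) for l in text.splitlines() if l.strip()),
                  key=lambda e: e["time"])


def high_volume_ssh(events, threshold=20, window=timedelta(minutes=5)):
    """Return {src: peak count} for sources with >= threshold SSH connections in a sliding window."""
    recent = defaultdict(deque)
    alerts = {}
    for ev in events:
        if ev.get("service") != "ssh":
            continue
        q = recent[ev["src"]]
        q.append(ev["time"])
        while q and ev["time"] - q[0] > window:  # drop timestamps outside the window
            q.popleft()
        if len(q) >= threshold:
            alerts[ev["src"]] = max(alerts.get(ev["src"], 0), len(q))
    return alerts


def vpn_anomalous_location(events, max_gap=timedelta(hours=1)):
    """Return (user, previous_country, new_country) for consecutive VPN logins
    from different countries closer together than max_gap (a simple impossible-travel check)."""
    last = {}
    alerts = []
    for ev in events:
        if ev.get("product") != "VPN" or ev.get("action") != "Login":
            continue
        user, country, t = ev["user"], ev["country"], ev["time"]
        if user in last:
            prev_country, prev_t = last[user]
            if prev_country != country and t - prev_t <= max_gap:
                alerts.append((user, prev_country, country))
        last[user] = (country, t)
    return alerts


def dns_to_malicious(events, blocklist):
    """Return (src, name) for DNS queries that equal or are a subdomain of a blocklisted domain."""
    alerts = []
    for ev in events:
        q = ev.get("dns_query")
        if not q:
            continue
        name = q.lower().rstrip(".")
        if any(name == bad or name.endswith("." + bad) for bad in blocklist):
            alerts.append((ev["src"], name))
    return alerts


# Criticality values taken from the table above.
SEVERITY = {"High Volume of SSH Connections": "Medium",
            "VPN Access from Anomalous Locations": "Critical",
            "DNS Queries to Malicious Domains": "Critical"}


def run_rules(log_text, blocklist=BLOCKLIST):
    """Run the three rules and return {rule: (criticality, hits)} for rules that fired."""
    events = parse_logs(log_text)
    findings = {
        "High Volume of SSH Connections": high_volume_ssh(events),
        "VPN Access from Anomalous Locations": vpn_anomalous_location(events),
        "DNS Queries to Malicious Domains": dns_to_malicious(events, blocklist),
    }
    return {rule: (SEVERITY[rule], hits) for rule, hits in findings.items() if hits}


if __name__ == "__main__":
    for rule, (sev, hits) in run_rules(SAMPLE_LOGS).items():
        print(f"[{sev}] {rule}: {hits}")
```

The thresholds (20 SSH connections in 5 minutes, one hour between logins from different countries) are illustrative and need tuning per environment; the impossible-travel check in particular should allow for VPN egress points and shared NAT before it is promoted to Critical.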
APIs and Their Scopes
Detection Rule | API Required | API Scope |
---|---|---|
Failed Firewall Rule Matches | get_firewall_logs | read:firewall_logs |
VPN Access from Anomalous Locations | get_vpn_access_logs | read:vpn_logs |
Malicious File Transfer Detected | get_file_transfer_logs | read:file_transfer_logs |
Intrusion Prevention System (IPS) Alert for Exploit | get_ips_alerts | read:ips_logs |
High Rate of Firewall Alerts | get_firewall_alert_statistics | read:firewall_alerts |
Unusual HTTP Traffic Patterns | get_http_traffic_logs | read:http_logs |
DNS Queries to Malicious Domains | get_dns_query_logs | read:dns_logs |
Unauthorized Changes to Firewall Policies | get_policy_change_logs | read:policy_logs |
Unrecognized Device Connecting to the Network | get_device_connection_logs | read:device_logs |
High Volume of SSH Connections | get_ssh_connection_logs | read:ssh_logs |
Reports and Widgets for CISO
Report Name | Widgets | Description
---|---|---
Executive Summary Report | Total Incidents; Current Threat Level; Compliance Status | High-level overview of overall security posture, including incident trends and compliance metrics.
Incident Response Report | Incident Count by Severity; Time to Respond; Incident Resolution Rate | Detailed analysis of incidents, including their severity, response times, and outcomes.
Unauthorized Access Report | Top Failed Login Attempts; Geolocation of Attempts; User Activity Timeline | Summary of unauthorized access attempts, showing patterns and trends to identify potential breaches.
Malware Incidents Report | Malware Detection Trends; Affected Systems; Response Actions Taken | Overview of malware incidents, detailing detection trends, affected systems, and mitigation efforts.
Policy Compliance Report | Policy Violations by Category; Resolution Status; Trends Over Time | Assessment of adherence to security policies, showing violations and compliance trends.
Data Exfiltration Risk Report | Volume of Data Transferred; Source of Data Transfers; Risk Level Overview | Analysis of potential data breaches, including data transfer volumes and sources flagged for review.
Threat Landscape Report | Emerging Threats; Current IoCs; Risk Assessment of Active Threats | Summary of the current threat landscape based on threat intelligence, including emerging threats and IoCs.
Firewall Rule Effectiveness Report | Firewall Denials by Source IP; Top Blocked Applications; Rule Modification History | Evaluation of firewall rule effectiveness, showing trends in denied traffic and modifications made to rules.
VPN Access Analysis Report | User Access Patterns; Geographic Distribution of VPN Access; Anomalous Access Alerts | Insights into VPN usage, highlighting unusual access patterns and locations for further investigation.
SSH Connection Activity Report | SSH Connections Over Time; Source IP Analysis; Alerts on Anomalous Behavior | Analysis of SSH connection attempts, focusing on trends and identifying suspicious activities.