Check Point Security Management
This new Playbook App automates adding and removing known malicious IOCs in Check Point Security Management. These actions may take place as part of an Incident Response workflow, a Phishing Email Triage workflow, or the enrichment and processing of intelligence from OSINT or Premium Intelligence feeds.
The following actions are available:
- Add Threat Indicator – Add a new Threat Indicator via the Check Point R80 Management API.
- Delete Threat Indicator – Delete a Threat Indicator via the Check Point R80 Management API.
The ThreatConnect integration with Check Point gives ThreatConnect users the ability to push IOCs directly into their Check Point Firewall. The integration is performed by a Playbook, ThreatConnect’s automation and orchestration capability. When the Playbook is triggered, the specified indicator is pushed to the Check Point block list. When malicious indicators are identified, the block happens instantaneously. Once the indicators have been added to the block list, the team is notified that malicious indicators have been blocked. Additionally, a dashboard can be created to show the total number of malicious indicators that have been blocked, which can be used for tracking and reporting metrics.
This listing can be found in the ThreatConnect App Catalog under the name Check Point Security Management.


