Check Point Identity Awareness Integration

ExtraHop and the Check Point Identity Awareness gateway integrate to provide immediate and automated remediation of cybersecurity threats, including device quarantine.

About this bundle

Check Point Identity Awareness Integration

Description

The ExtraHop Reveal(x) integration with the Check Point Identity Awareness gateway provides immediate and automated remediation of cybersecurity threats. When Reveal(x) detects a security threat with a risk score that is above the configured threshold, it sends a message through the AWS Simple Notification Service (SNS) in JSON format to a subscribed Lambda function. The Lambda function parses the message and sends an Identity Awareness command to all configured Check Point gateways. Finally, the offender's IP address is added to the firewall access control lists and quarantined.

Requirements

You must have:

  • ExtraHop Reveal(x) version 7.8 or later with administrator privileges
  • Amazon Web Services account with Lambda, IAM, VPC, SNS, and CloudFormation permissions

Contents

  • 1x Application - Check Point Quarantine
  • 1x Dashboard - Check Point Quarantine
  • 1x Record format - Check Point Quarantine Event
  • 1x Trigger - Check Point IA Quarantine Integration

Bundle contents

  • Check Point Identity Awareness Integration
  • Bundle Overview
  • Instructions and Download
