SOCFortress Integrations — CheckPoint Harmony
Intro
SOCFortress integration and visualization tools allow security analysts the visualization and triage of CheckPoint Harmony (e-mail security) security events using a single pane of glass.
About CheckPoint Harmony Security Platform
Checkpoint Harmony is a comprehensive security platform developed by Check Point, designed to provide unified threat management (UTM) capabilities, combining various security features into a single, integrated solution. Checkpoint Harmony offers protection against a wide range of cyber threats, including malware, ransomware, phishing attacks, and data breaches.
Some key features of Checkpoint Harmony include:
- Firewall: It includes a robust firewall to monitor and control incoming and outgoing network traffic based on predetermined security rules.
- Intrusion Prevention System (IPS): Checkpoint Harmony incorporates an IPS to detect and block potential intrusion attempts in real-time, safeguarding against various network-based attacks.
- Antivirus/Anti-malware: The platform includes antivirus and anti-malware capabilities to detect and remove malicious software from endpoints and networks.
- Advanced Threat Prevention: Checkpoint Harmony utilizes advanced threat prevention techniques, such as sandboxing and threat emulation, to identify and stop sophisticated threats before they can cause harm.
- VPN (Virtual Private Network): It offers VPN functionality to ensure secure remote access to corporate networks for employees working from outside the office.
- Endpoint Security: Checkpoint Harmony extends its protection to endpoints, including desktops, laptops, and mobile devices, to defend against threats targeting individual devices.
- Security Management: The platform provides centralized security management capabilities, allowing administrators to configure, monitor, and manage security policies across the entire network from a single console.
- Cloud Security: Checkpoint Harmony supports security for cloud environments, enabling organizations to secure their data and applications hosted on platforms like Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP).
- Comprehensive Workspace Security to Protect Remote Users, Devices, and Access: Wherever your teams are, whatever application they’re using and whichever devices they’re working on, Harmony keeps them safe from sophisticated threats like phishing and ransomware. Discover the industry’s most comprehensive protection against attacks on your hybrid and remote workforce.
- Email & Web Application Security: Protect your workspace with email security, office & collaboration security and web application security
Emails, collaboration applications, browsers, and unmanaged devices all expand additional attack vectors. Harmony ensures that your workspace is fully protected against cyber threats.
Ingesting CheckPoint Harmony Alerts and Events
Check Point Log Exporter is an easy and secure method to export Check Point logs over syslog. Log Exporter is a multi-threaded daemon service which runs on a log server. Each log that is written on the log server is read by the Log Exporter daemon. It is then transformed into the applicable format and mapping and sent to the end target.
To export logs from Harmony Endpoint:
- Go to Endpoint Settings > Export Events.
- Click Add.
- The New Logging Service window opens.
- Fill in the export details:
Name — Enter a name for the exported information.
IP Address — Enter the IP Address of the target to which the logs are exported.
Protocol — Select the protocol over which to export the logs: TCP or UDP.
Format — Select the export format.
Port — Select the port over which to export the logs. Only these ports are supported for outgoing communication: 514, 6514.
TLS/SSL — Select this checkbox if you want log information to be TLS/SSL encrypted. The only allowed authentication method through TLS is mutual authentication. For mutual authentication, the log exporter needs these certificates:
A *.pem Certificate Authority certificate (must contain only the certificate of the CA that signed the client/server certificates, not the parent CA).
A *.p12 format client certificate (log exporter side).
Visualizations
Landing Page:
Events by severity and action:
From — To and verdict:
Malicious content:
Need Help?
The functionality discussed in this post, and so much more, are available via the SOCFortress platform. Let SOCFortress help you and your team keep your infrastructure secure.
Website: https://www.socfortress.co/
Contact Us: https://www.socfortress.co/contact_form.html