Revision History This topic lists the revision history entries, including additions and updates made over time. Date Description 06 May 2026 Added Notify on Tunnel Up by SASE 12 February 2026 Added: Appendix H - Webhooks and Authentications Webhooks Authentications 10 February 2026 Added Quantum Cloud Log Ingestion Health Monitor 05 February 2026 Added Notify on Tunnel Down by SASE 11 December 2025 Updated Check Point Firewall Enforcement 27 November 2025 Added: Alert on Generative AI Risky Session. Allowed Identities and Untrusted Identities lists. See Lists. 18 November 2025 Added AI Agent - Management health report. 07 October 2025 Added Notify on Failed GAIA Portal Login. 08 September 2025 Added Appendix G - Using Custom Automation Step Schemas. 18 August 2025 Added Credentials leakage detected by ERM triggering reset password. 18 July 2025 Added: Endpoint Security IOC Enforcement in IOC Enforcement. Block malicious file indicator identified by Threat Extraction Endpoint Security Block malicious file indicator identified by Threat Emulation Endpoint Security Block malicious file indicator identified by Anti-Bot Endpoint Security Block malicious URL indicator identified by Anti-Bot Endpoint Security Block malicious indicator identified by Zero Phishing Endpoint Security Notify on URL Reputation Identification by SASE Notify on Malicious File Detection by SASE Notify on URL filtering blocked by SASE Notify on Firewall Traffic Blocked by SASE De-isolate potentially clean Microsoft Defender machine Notify on AIOps alert Spark Management event 14 July 2025 Added Creating Automation by AI Copilot in Customization in Playblocks. 05 June 2025 Added Overview. 07 May 2025 Added Customization in Playblocks. 22 April 2025 Updated: Quarantine compromised Endpoint Security device (enforced by Firewall) Quarantine potentially infected Endpoint Security device (enforced by Firewall) Quarantine potentially infected CrowdStrike device (enforced by Firewall) Isolate potentially infected CrowdStrike device (enforced by Endpoint) Added: Isolate Endpoint device Isolate compromised Endpoint Security device (enforced by Endpoint) Isolate potentially Infected Endpoint Security device (enforced by Endpoint) Quarantine potentially infected Microsoft Defender device (enforced by Firewall) Isolate potentially infected Microsoft Defender device (enforced by Endpoint) Quarantine potentially infected SentinelOne device (enforced by Firewall) Isolate potentially infected SentinelOne device (enforced by Endpoint) Add malicious file indicator Identified by SentinelOne to IOC feed Add malicious file indicator Identified by Microsoft Defender to IOC feed Add malicious file indicator Identified by CrowdStrike to IOC feed 01 April 2025 Added IOC Enforcement. 21 February 2025 Added: SentinelOne Appendix F - Creating a SentinelOne Service User 09 December 2024 Updated Supported Products. 05 November 2024 Added new automations: Alert on MTA email bypass Block attacking IP with malicious reputation identified by WAF Application Security Application Security Alert if VPN Tunnel is down Notify on Management validations Updated Block attackers upon IPS detection of popular attacks 12 September 2024 Added: Automations: Quarantine potentially infected CrowdStrike device (enforced by Firewall) Isolate potentially infected CrowdStrike device (enforced by Endpoint) Appendix E - Integrating CrowdStrike Falcon CrowdStrike 09 September 2024 Added: Automations: Reset User Password in Identity Provider Notify on degradation in Check Point Firewall Compliance status Connectors: Okta Microsoft Entra ID 07 August 2024 Added note in Appendix C - Creating Workflow for Microsoft Teams Notification. 02 August 2024 Added Appendix C - Creating Workflow for Microsoft Teams Notification 01 July 2024 Updated: Notify on failure of installation of blades updates on Check Point Firewalls Notify on failure of Policy Installation on Check Point Firewall Alert on licenses expiration on Quantum device Alert on VPN certificates expiration on Check Point Firewall Notify on repeated login failures to Management Enforce Policy on newly discovered IoT Zone IoT Device is at risk Quarantine compromised Endpoint Security device (enforced by Firewall) Quarantine potentially infected Endpoint Security device (enforced by Firewall) Quarantine internal IP Notify on high rate of blocked connections Added: Notify on successful installation of blade updates on Check Point Firewalls Notify on successful Policy Installation on Check Point Firewall Alert on exploit attempt detected by Endpoint Security Alert on ransomware attack detected by Endpoint Security Alert on outdated Endpoint Security Behavioral Guard capability Alert on malicious file detected by Endpoint Security Alert on a phishing attempt detected by Endpoint Security Alert on access to malicious site detected by Endpoint Security Alert on password reuse attempt detected by Endpoint Security Alert on the outdated Endpoint Security Static Analysis capability Alert on the outdated Endpoint Security Offline Reputation capability Alert on disconnected Endpoint Security clients Alert on Endpoint Security Compliance warnings Alert on device restrictions by Endpoint Security Alert on outdated Endpoint Security Anti-Malware Alert on Endpoint Security Anti-Malware license expiration Alert on Endpoint Security deployment failure Alert if Endpoint Security client capabilities stop running Alert if the device is not scanned by the Endpoint Security Anti-Malware capability Repeated Remote Access login failures using password-only Repeated Remote Access login to expired accounts Remote Access user login using password-only Authentication Block DDoS attack detected by DDoS Protector Open ticket Close ticket Get ticket 03 June 2024 Added Jira Ticketing. 15 March 2024 Updated the procedure to attach a contract to the product in Accessing the Playblocks Administrator Portal. Added Endpoint Security to the list of supported products. See: Introduction to Playblocks On-boarding Products 16 February 2024 Added new automations: Notify on installation of blades updates on Quantum Gateways Alert on VPN certificates expiration on Quantum Gateway Alert if no communication with Quantum Gateway Notify on Endpoint Security client uninstall password change Notify on bulk uninstallation of Endpoint Security clients Stop and quarantine file via Microsoft Defender Scan machine via Microsoft Defender Added Microsoft Defender 31 January 2024 Rebranded Horizon Playblocks to Playblocks. 09 January 2024 Added new automations: Notify on repeated login failures to Management Notify on high rate of blocked connections Alert on licenses expiration on device Open ticket and notify 04 January 2024 Added new automations: Block malicious IOC identified by SASE Block malicious indicator identified by Anti-Bot Block malicious indicator identified by Anti-Virus Block malicious indicator identified by Zero Phishing Block malicious indicator identified by Email Security 20 January 2024 Updated: Check Point Firewall Logs Check Point Firewall Enforcement 29 November 2023 Added new automations: Notify on Management High Availability Change-Over Notify on Repeated Login Failures to Management Scan Endpoint Security Device 08 November 2023 First release of this document.