Infinity AI Copilot
Infinity AI Copilot is Check Point's GenAI assistant that boosts the security effectiveness of administrators and SOC analysts.
To access Infinity AI Copilot, click Infinity AI Copilot from the top banner, which opens the Copilot's chat window.
General Actions
To perform the general actions, access Infinity AI Copilot from the top banner.
Click in the Copilot's chat window to perform these actions:
| Action | Description |
|---|---|
| New chat | Starts a new chat. |
| Chat history | View chat history by month. |
| Prompt security | Scans the user prompt and response for protection, such as Data Loss Protection (DLP), Advanced Context Check (out-of-context and inappropriate text), and Jailbreak Check (prompts that try to bypass the AI engine security to obtain confidential or sensitive information in the response). It supports three modes: |
Providing Feedback on the Response
You can provide feedback on the Copilot's responses. Check Point monitors this feedback to continuously improve the Copilot's responses.
To provide feedback:
- After you get a response, click one of these:
  - If the response needs improvement, click .
  - If you like the response, click .

  The Provide additional feedback window appears.
- Enter your feedback and click Submit feedback.
Supported Capabilities for Infinity XDR/XPR
With the Infinity AI Copilot, you can ask questions about Infinity XDR (Extended Detection & Response)/XPR (Extended Prevention & Response), Check Point documentation, MITRE ATT&CK framework and general cyber security terms, and take actions. Write actions are currently not supported.
General Query
You can ask the Copilot general questions about Infinity XDR/XPR and Check Point documentation.
Sample Prompts
- How should I investigate this incident?
- What is Phishing?
- How to add an IOC to IOC management?
- What is Threat Hunting?
- What is lateral movement?
- What is Emotet?
- How to integrate MS Defender with Infinity XDR/XPR?
- Show the top IP addresses the machine <machine name> communicated with since the start of the year?
- What is T1053? Was it seen exploited in my environment?
- What was the RCA of this incident?
Incident Specific Query and Action
When you are in a specific incident, you can ask the Copilot questions about that incident and its details from all the tabs (for example, Insights & Forensics, Affected assets, and so on) within the incident. The system opens the Infinity AI Copilot for the specific incident.
Sample Prompt for Queries on an Incident
- Can you summarize this incident?
- What immediate actions are recommended?
- Which assets were affected?
- What are the key IOCs identified?