Introduction to Infinity XDR/XPR

Check Point Infinity XDR/XPR is an Extended Detection & Response (XDR) and Extended Prevention & Response (XPR) tool that provides a unified view of the security operations across all onboarded products and helps you detect, respond to, and prevent cyber attacks.

Infinity XDR/XPR uses Check Point ThreatCloud's Artificial Intelligence (AI) and Machine Learning (ML) to analyze security events across the onboarded products and identify security risks in your organization. When it detects a security risk, it generates an incident (alert), assigns a priority based on the severity and confidence level of the detection, and provides mitigation steps for the incident. Incidents are fully mapped to the MITRE ATT&CK framework. Infinity XDR/XPR also lets you view the internal and external threat intelligence available for an indicator and analyze files for threats.

Benefits

Use Case

You are subscribed to multiple products and you want a single application to prevent, detect, investigate, and respond to security attacks.

Supported Regions

Infinity XDR/XPR is supported only for the Infinity Portal tenants (accounts) residing in these regions:

  • EU

  • US

  • India (Infinity AI Copilot and Infinity Playblocks are not available)

  • UAE (Infinity AI Copilot and Infinity Playblocks are not available)

Supported Products

Infinity XDR/XPR's integration with specific products involves the following components:

  • Log integration - Required for every integration; this is how Infinity XDR/XPR receives the product's logs for processing. Logs are either pushed to Infinity XDR/XPR over Syslog or pulled by Infinity XDR/XPR over the product's API.

  • Response integration - Required to issue responses (commands) to the integrated product. Responses are always issued over the product's API, even when logs arrive over Syslog.

  • IOC Management Support - Interface for setting Indicators of Compromise (IOCs) on the integrated product.

The table below shows the supported products, their log integration types, and whether they support response integration and IOC Management.

Product Family | Product Name | Log Integration | Response Integration | IOC Management Support
--- | --- | --- | --- | ---
Check Point | Quantum Security Gateway | Check Point cloud | Supported | Supported
Check Point | CloudGuard Network | Check Point cloud | Supported | Supported
Check Point | Harmony Endpoint (EPMaaS) | Check Point cloud | Supported | Supported
Check Point | Harmony Email & Collaboration | Check Point cloud | Not supported | Supported
Check Point | Harmony Mobile | Check Point cloud | Not supported | Can be enabled upon user request
Microsoft | Microsoft 365 Defender for Endpoint | API | Supported | Supported
Microsoft | Microsoft Entra ID | Infinity Identity Providers Integration | Supported | Not supported
Fortinet | FortiGate Next Generation Firewall | Syslog | Not supported | Supported
CrowdStrike | Falcon | API | Supported | Supported
SentinelOne | Singularity Endpoint | Syslog | Supported | Supported
Palo Alto Networks | Palo Alto Networks Next Generation Firewall | Syslog | Not supported | Supported
Trend Micro | Trend Vision One | API | Supported | Supported
Cisco | Cisco Firepower | Syslog | Not supported | Supported
Okta | Okta | Infinity Identity Providers Integration | Supported | Not supported
Identity Service* | Identity Sources supported by the Check Point Security Gateway | Check Point cloud | Not supported | Not supported

*Tracks unusual user activities, such as repeated failed logins, logins after office hours, and so on. Infinity XDR/XPR correlates this activity to security events from other sources and generates an incident.
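The footnote above describes the kind of signal the Identity Service feeds into Infinity XDR/XPR: unusual login behaviour on its own is only a signal, and it becomes an incident once it is correlated with a security event from another source for the same user. The Python below is an added illustration of that correlation logic written for this page; it is not Check Point code, it does not reflect the actual Infinity XDR/XPR rules, thresholds, or log schemas, and every log record, field name, and threshold in it is constructed for the example.

```python
"""Added example: identity anomaly detection correlated with another source.
Hypothetical schema and thresholds; not Check Point's implementation."""
from collections import defaultdict
from datetime import datetime, time, timedelta

# Constructed identity (login) events. The field names are a hypothetical
# schema for this example, not the format of any product listed above.
IDENTITY_EVENTS = [
    {"ts": "2024-05-06T08:50:00", "user": "alice", "src": "10.0.1.12", "result": "failure"},
    {"ts": "2024-05-06T08:51:00", "user": "alice", "src": "10.0.1.12", "result": "failure"},
    {"ts": "2024-05-06T08:52:00", "user": "alice", "src": "10.0.1.12", "result": "failure"},
    {"ts": "2024-05-06T08:53:00", "user": "alice", "src": "10.0.1.12", "result": "failure"},
    {"ts": "2024-05-06T08:54:00", "user": "alice", "src": "10.0.1.12", "result": "failure"},
    {"ts": "2024-05-06T08:56:00", "user": "alice", "src": "10.0.1.12", "result": "failure"},
    {"ts": "2024-05-06T08:57:00", "user": "alice", "src": "10.0.1.12", "result": "success"},
    {"ts": "2024-05-06T10:00:00", "user": "carol", "src": "10.0.2.40", "result": "success"},
    {"ts": "2024-05-06T10:02:00", "user": "carol", "src": "10.0.2.40", "result": "failure"},
    {"ts": "2024-05-06T23:05:00", "user": "bob",   "src": "10.0.3.7",  "result": "success"},
    {"ts": "2024-05-05T14:00:00", "user": "dave",  "src": "10.0.4.9",  "result": "success"},
]

# Constructed detections from another source (for example an endpoint product).
ENDPOINT_EVENTS = [
    {"ts": "2024-05-06T09:10:00", "user": "alice", "host": "WS-017", "detection": "credential dumping tool blocked"},
    {"ts": "2024-05-06T23:20:00", "user": "bob",   "host": "WS-042", "detection": "suspicious PowerShell download cradle"},
]

# Assumed tuning values; the product's real thresholds are not published on this page.
FAILED_LOGIN_THRESHOLD = 5
FAILED_LOGIN_WINDOW = timedelta(minutes=10)
OFFICE_HOURS = (time(8, 0), time(18, 0))   # Monday to Friday
CORRELATION_WINDOW = timedelta(hours=2)


def _ts(event):
    return datetime.fromisoformat(event["ts"])


def find_repeated_failures(events, threshold=FAILED_LOGIN_THRESHOLD, window=FAILED_LOGIN_WINDOW):
    """Flag each user with at least `threshold` failed logins inside a sliding time window."""
    failures = defaultdict(list)
    for e in events:
        if e["result"] == "failure":
            failures[e["user"]].append(_ts(e))
    findings = []
    for user, stamps in failures.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:   # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                findings.append({"user": user, "type": "repeated_failed_logins",
                                 "ts": stamps[start], "count": end - start + 1})
                break   # one finding per user is enough for correlation
    return findings


def find_after_hours_logins(events, office_hours=OFFICE_HOURS):
    """Flag successful logins outside office hours or on weekends."""
    start, end = office_hours
    findings = []
    for e in events:
        if e["result"] != "success":
            continue
        ts = _ts(e)
        if ts.weekday() >= 5 or not (start <= ts.time() < end):
            findings.append({"user": e["user"], "type": "after_hours_login", "ts": ts})
    return findings


def correlate(identity_findings, other_events, window=CORRELATION_WINDOW):
    """Raise an incident only when another source reports a detection for the
    same user within the correlation window; an identity signal alone is not enough."""
    incidents = []
    for f in identity_findings:
        for ev in other_events:
            if ev["user"] == f["user"] and abs(_ts(ev) - f["ts"]) <= window:
                # Assumed priority rule: a brute-force pattern followed by an endpoint
                # detection carries more confidence than an unusual login time alone.
                priority = "High" if f["type"] == "repeated_failed_logins" else "Medium"
                incidents.append({"user": f["user"], "host": ev["host"],
                                  "identity_signal": f["type"],
                                  "endpoint_signal": ev["detection"],
                                  "priority": priority})
    return incidents


def run(identity_events=IDENTITY_EVENTS, other_events=ENDPOINT_EVENTS):
    findings = find_repeated_failures(identity_events) + find_after_hours_logins(identity_events)
    return findings, correlate(findings, other_events)


if __name__ == "__main__":
    findings, incidents = run()
    for f in findings:
        print("finding :", f["user"], f["type"], f["ts"])
    for i in incidents:
        print("incident:", i["priority"], i["user"], i["identity_signal"], "+", i["endpoint_signal"], "on", i["host"])
```

On the constructed data, three identity findings are produced (alice's failed-login burst, bob's late-night login, dave's weekend login) but only two become incidents, because dave has no corroborating event from another source. That gap is the point of the footnote: the identity signal is a trigger for correlation, not an incident by itself.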

API Support

Infinity XDR/XPR API

You can use the Infinity XDR/XPR REST APIs to access and retrieve data from Infinity XDR/XPR.

To access the Infinity XDR/XPR API:

  1. Go to Check Point API Reference.

  2. Click Infinity.

  3. In the Infinity XDR/XPR API widget, click Open.

Infinity Threat Hunting API

You can use the Infinity Threat Hunting GraphQL APIs to query Infinity Threat Hunting and retrieve information about events reported by your devices.

To access the Infinity Threat Hunting API:

  1. Go to Check Point API Reference.

  2. Click Infinity.

  3. In the Infinity Threat Hunting API widget, click Open.