Introduction to Infinity XDR/XPR
Check Point Infinity XDR (Extended Detection and Response)/XPR (Extended Prevention and Response) is a tool that provides a unified view of security operations across the onboarded products and helps you detect, respond to and prevent cyber attacks.
Infinity XDR/XPR uses Check Point ThreatCloud's Artificial Intelligence (AI) and Machine Learning (ML) to analyze security events across the onboarded products and identify security risks in your organization. When it detects a security risk, it generates an incident (alert) with a priority derived from the severity and confidence level of the detection, and provides mitigation steps for the incident. Incidents are fully mapped to the MITRE ATT&CK framework. Infinity XDR/XPR also lets you view the internal and external intelligence available for an indicator and analyze files for threats.
Benefits
- Unified view of all security operations across products.
- Correlates multiple logs across products into a single security incident.
- Early automatic detection of, and response to, security events across your products.
- Reduces false positives by correlating events across products instead of alerting on each product's logs in isolation.
- Provides a comprehensive understanding of your organization's security posture, so you can take more confident and effective actions to mitigate and prevent attacks.
- Advanced User and Entity Behavior Analytics (UEBA) detections: Machine Learning that detects anomalies in the behavior of users and devices.
Use Case
You are subscribed to multiple products and you want a single application to prevent, detect, investigate, and respond to security attacks.
Supported Regions
Infinity XDR/XPR is supported only for the Infinity Portal tenants (accounts) residing in these regions:
- EU
- US
- India (Infinity AI Copilot and Infinity Playblocks are not available)
Supported Products
Infinity XDR/XPR is supported with these products:
| Product Family | Product Name | Type of Integration |
|---|---|---|
| Check Point | | Check Point cloud |
| | CloudGuard Network | Check Point cloud |
| | Harmony Endpoint (EPMaaS) | Check Point cloud |
| | Harmony Email & Collaboration | Check Point cloud |
| Microsoft | Microsoft 365 Defender for Endpoint | API |
| | Microsoft Entra ID | |
| Fortinet | FortiGate Next Generation Firewall | Syslog |
| CrowdStrike | Falcon | API |
| SentinelOne | Singularity | Syslog |
| Palo Alto Networks | Palo Alto Networks Next Generation Firewall | Syslog |
| Trend Micro | Trend Vision One | API |
| Cisco | Cisco Firepower | Syslog |
| Okta | Okta | |
| Identity Service* | Identity Sources supported by the Check Point Security Gateway | Check Point cloud |
*Tracks unusual user activities, such as repeated failed logins, logins after office hours, and so on. Infinity XDR/XPR correlates this activity to security events from other sources and generates an incident.
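The following is an added example, not Check Point code and not a description of how Infinity XDR/XPR is implemented. It shows the shape of the correlation the footnote describes: two UEBA-style identity findings (a burst of failed logins and a login outside office hours) are detected over constructed identity-source log lines, then correlated with a constructed alert from a second source for the same user inside a time window, and the resulting incident gets a priority derived from severity and confidence, with an illustrative ATT&CK technique tag. The log format, thresholds, office hours, correlation window, priority matrix and technique mapping are all assumptions chosen for the example.

```python
"""Added example: identity anomaly detection correlated with a second source.
Not Check Point code; every format and threshold below is an assumption."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed identity-source log lines. Assumed format: "<ISO time> <user> <event> <source IP>".
IDENTITY_LOGS = """\
2024-05-06T02:10:05 alice login_failed 203.0.113.7
2024-05-06T02:10:21 alice login_failed 203.0.113.7
2024-05-06T02:10:44 alice login_failed 203.0.113.7
2024-05-06T02:11:02 alice login_failed 203.0.113.7
2024-05-06T02:11:30 alice login_failed 203.0.113.7
2024-05-06T02:12:15 alice login_success 203.0.113.7
2024-05-06T09:15:00 bob login_success 10.0.0.5
2024-05-06T09:16:10 bob login_failed 10.0.0.5
"""

# Constructed alerts from a second source (an endpoint product); the fields are assumptions.
ENDPOINT_ALERTS = [
    {"time": "2024-05-06T02:20:00", "user": "alice", "host": "LT-ALICE",
     "severity": "high", "name": "Suspicious PowerShell execution"},
    {"time": "2024-05-06T11:00:00", "user": "carol", "host": "LT-CAROL",
     "severity": "medium", "name": "Unsigned driver load"},
]

# Assumed tuning knobs.
FAILED_LOGIN_THRESHOLD = 5
FAILED_LOGIN_WINDOW = timedelta(minutes=10)
OFFICE_HOURS = range(8, 19)              # 08:00 to 18:59 counts as office hours
CORRELATION_WINDOW = timedelta(hours=1)  # identity finding must precede the alert by at most this

# Illustrative ATT&CK technique tags for each identity finding kind.
ATTACK_TECHNIQUE = {
    "repeated_failed_logins": "T1110 Brute Force",
    "after_hours_login": "T1078 Valid Accounts",
}

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}
CONFIDENCE_RANK = {"low": 1, "medium": 2, "high": 3}


def parse_identity_logs(text):
    """Parse the constructed log format into time-sorted event dicts."""
    events = []
    for line in text.splitlines():
        ts, user, event, src = line.split()
        events.append({"time": datetime.fromisoformat(ts), "user": user,
                       "event": event, "src": src})
    return sorted(events, key=lambda e: e["time"])


def detect_identity_anomalies(events):
    """UEBA-style findings: a burst of failed logins, or a success outside office hours."""
    findings = []
    recent_failures = defaultdict(list)   # user -> failure timestamps inside the sliding window
    for e in events:
        user, t = e["user"], e["time"]
        if e["event"] == "login_failed":
            window = [x for x in recent_failures[user] if t - x <= FAILED_LOGIN_WINDOW]
            window.append(t)
            if len(window) >= FAILED_LOGIN_THRESHOLD:
                findings.append({"user": user, "kind": "repeated_failed_logins", "time": t})
                window = []                # reset so one burst yields one finding
            recent_failures[user] = window
        elif e["event"] == "login_success" and t.hour not in OFFICE_HOURS:
            findings.append({"user": user, "kind": "after_hours_login", "time": t})
    return findings


def priority(severity, confidence):
    """Map severity x confidence to an incident priority (assumed matrix)."""
    score = SEVERITY_RANK[severity] * CONFIDENCE_RANK[confidence]
    if score >= 9:
        return "critical"
    if score >= 6:
        return "high"
    if score >= 3:
        return "medium"
    return "low"


def build_incidents(identity_text, alerts):
    """Correlate identity findings with alerts from another source for the same user."""
    findings = detect_identity_anomalies(parse_identity_logs(identity_text))
    incidents = []
    for alert in alerts:
        at = datetime.fromisoformat(alert["time"])
        related = [f for f in findings
                   if f["user"] == alert["user"]
                   and timedelta(0) <= at - f["time"] <= CORRELATION_WINDOW]
        if not related:
            continue                       # uncorroborated alert: no incident from this rule
        confidence = "high" if len(related) >= 2 else "medium"
        incidents.append({
            "user": alert["user"],
            "host": alert["host"],
            "trigger": alert["name"],
            "severity": alert["severity"],
            "confidence": confidence,
            "priority": priority(alert["severity"], confidence),
            "identity_findings": related,
            "techniques": sorted({ATTACK_TECHNIQUE[f["kind"]] for f in related}),
        })
    return incidents


if __name__ == "__main__":
    for inc in build_incidents(IDENTITY_LOGS, ENDPOINT_ALERTS):
        print(inc["priority"], inc["user"], inc["trigger"], inc["techniques"])
```

On the constructed input, alice's five failures inside ten minutes and her 02:12 login both fall within an hour before the endpoint alert on her host, so the alert is corroborated twice, gets high confidence, and a high severity times high confidence lands it in the critical bucket. Carol's alert has no identity finding behind it and produces no incident from this rule, and bob's single failure during office hours never reaches the threshold. The point to keep in mind when tuning a real deployment is that the confidence knob is what separates "one product complained" from "two independent sources agree"; the thresholds themselves are the first thing to adjust per environment.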
API Support
Infinity XDR/XPR API
You can use the Infinity XDR/XPR REST APIs to access and retrieve data from Infinity XDR/XPR.
To access Infinity XDR/XPR API:
- Go to Check Point API Reference.
- Click Infinity.
- In the Infinity XDR/XPR API widget, click Open.
Infinity Threat Hunting API
You can use the Infinity Threat Hunting GraphQL APIs to query Infinity Threat Hunting and retrieve information about events reported by your devices.
To access Infinity Threat Hunting API:
- Go to Check Point API Reference.
- Click Infinity.
- In the Infinity Threat Hunting API widget, click Open.