Introduction to Infinity XDR/XPR

Check Point Infinity XDR/XPR is an Extended Detection & Response (XDR) and Extended Prevention & Response (XPR) tool that provides a unified view of all the security operations across onboarded products and helps you detect, respond to, and prevent cyber attacks.

Infinity XDR/XPR uses Check Point ThreatCloud's Artificial Intelligence (AI) and Machine Learning (ML) to analyze security events across the products and identify security risks in your organization. If a security risk is detected, it generates an incident (alert) with an appropriate priority based on the severity and confidence level of the detection, and provides mitigation for the incident. Incidents are fully mapped to the MITRE ATT&CK framework. Infinity XDR/XPR also allows you to view the internal and external intelligence available for an indicator and to analyze files for threats.

Benefits

Use Case

You are subscribed to multiple products and you want a single application to prevent, detect, investigate, and respond to security attacks.

Supported Regions

Infinity XDR/XPR is supported only for the Infinity Portal tenants (accounts) residing in these regions:

  • EU

  • US

  • India (Infinity AI Copilot and Infinity Playblocks are not available)

Supported Products

Infinity XDR/XPR is supported with these products:

Product Family    | Product Name                                                  | Type of Integration
------------------|---------------------------------------------------------------|--------------------
Check Point       | Quantum Security Gateway                                      | Check Point cloud
Check Point       | CloudGuard Network                                            | Check Point cloud
Check Point       | Harmony Endpoint (EPMaaS)                                     | Check Point cloud
Check Point       | Harmony Email & Collaboration                                 | Check Point cloud
Microsoft         | Microsoft 365 Defender for Endpoint                           | API
Fortinet          | FortiGate Next Generation Firewall                            | Syslog
CrowdStrike       | Falcon                                                        | API
SentinelOne       | Singularity                                                   | Syslog
Palo Alto Networks | Palo Alto Networks Next Generation Firewall                  | Syslog
Trend Micro       | Trend Vision One                                              | API
Cisco             | Cisco Firepower                                               | Syslog
Identity Service* | Identity Sources supported by the Check Point Security Gateway | Check Point cloud

*Tracks unusual user activities, such as repeated failed logins, logins after office hours, and so on. Infinity XDR/XPR correlates this activity to security events from other sources and generates an incident.

API Support

Infinity XDR/XPR API

You can use the Infinity XDR/XPR REST APIs to access and retrieve data from Infinity XDR/XPR.

To access the Infinity XDR/XPR API:

  1. Go to Check Point API Reference.

  2. Click Infinity.

  3. In the Infinity XDR/XPR API widget, click Open.

Infinity Threat Hunting API

You can use the Infinity Threat Hunting GraphQL APIs to query Infinity Threat Hunting and retrieve information about events reported by your devices.

To access the Infinity Threat Hunting API:

  1. Go to Check Point API Reference.

  2. Click Infinity.

  3. In the Infinity Threat Hunting API widget, click Open.