Harmony Endpoint Use Case

Scenario: You see a Threat Emulation or Anti-Bot detection log. What can you do?

Recommendations:

  1. From the Forensics, Threat Emulation, or Anti-Bot log, open the Forensics Analysis Report.

  2. Open the Remediation tab to see the components of the attack and how they were treated.

  3. Delete all files that were created by the attack.

  4. Open the Business Impact tab to see files that might be affected.

  5. Open the Entry Point tab to see the path of the attack. Update your security policy to prevent similar attacks in the future.