Threat Prevention - Infinity SOC

The Check Point Infinity SOC (sk164332) is supported from R81.10.05 in the Locally managed mode. Infinity SOC enables cybersecurity teams to effectively and efficiently prevent, detect and respond to all threats. Infinity SOC doubles the effectiveness of SOC teams by automating time-consuming tasks, allowing security teams to focus on remediation and attack prevention.

You can enable the Infinity SOC feature in the WebUI or through clish commands.

To enable the Infinity SOC feature in the WebUI:

1. Click Device > Advanced Settings.

2. In the Privacy Settings Attribute section, select the attribute Help Check Point improve its products by sending data.

   1. Click Edit.

   2. Select Help us improve product experience by sending data to Check Point.

   3. Click Apply.

3. In the Threat Prevention Policy Attribute section, select the attribute Allow me to view attack statistics in my User Center account.

   1. Click Edit.

   2. Select Allow me to view attack statistics in my User Center Account.

   3. Click Apply.

4. Optional: In the Threat Prevention Policy section, select the attribute Allow IP address information in attack statistics.

   1. Click Edit.

   2. Select Allow IP address information in attack statistics (see sk164332 - section "De-obfuscate the real IP of the victim").

   3. Click Apply.

To enable the Infinity SOC feature in Gaia Clish, run these commands:

1. Allow the appliance to send data to Check Point:

   set privacy-settings advanced-settings customer-consent true

2. Allow viewing attack statistics in your User Center Account:

   set threat-prevention policy advanced-settings allow-attack-stats true

3. Optional: Enable the real IP address information in the attack reports (see sk164332 - section "De-obfuscate the real IP of the victim"):

   set threat-prevention policy advanced-settings allow-ipaddr-in-stats true