10.4.3
Yokohama, Xanadu, Washington DC, Vancouver Patch 4, Vancouver
The Check Point Next Generation Threat Prevention Integration for Security Operations allows security analysts to block malicious IP addresses, URLs, and domains using Block Request List capabilities within ServiceNow Security Incident Response. The security analyst creates Check Point Block List entries from observables determined to be malicious in ServiceNow security incidents.
The main features of the integration include the following:
- Flexibility to create multiple Block Lists that apply to multiple Check Point Gateways.
- Detailed reporting on the types of sites being blocked (phishing, malware, and allow-listed sites).
- Tagging of Now Platform security incidents with Block List entries by the observable type (URL, domain, IP address).
- Configuring Block List expiration periods to maintain Block List size by automatically expiring or removing older entries.
- Searching Block List entries across different Block Lists.
- Linking Block List entries to observable records and security incidents that include threat intelligence results and details about why an entry is blocked.
Changed:
- Migrated base system workflows to Flow Designer flows.
The following Security Incident Response plugins must be installed and activated:
- Security Incident Response (com.snc.security_incident)
- Security Support Orchestration (com.snc.secops.orchestration)