AlienVault® USM Anywhere™

USM Anywhere AlienApp for Check Point Orchestration

The AlienApp for Check Point provides a set of orchestration actions that you can use to identify and categorize items to send to your firewall as a response to threats identified by USM Anywhere.

As USM Anywhere surfaces events, vulnerabilities, and alarms, your team determines which items require a response action. Rather than manually tagging threats, you can use the AlienApp for Check Point orchestration actions to enforce protection based on the information associated with the event or alarm.

Alarms for the AlienApp for Check Point
Action

Add Threat Indicator using Destination IP

Add Threat Indicator using Source IP

Add Threat Indicator using Destination Domain

Add Threat Indicator using Source Domain

Add Threat Indicator using File Hash

Add Threat Indicator using URL
Tag Destination IP from Alarm/Event/Rule in the UI
Tag Source IP from Alarm/Event/Rule in the UI

To view information about these actions in USM Anywhere

  1. In USM Anywhere, go to Data Sources > Integrations.
  2. Click the AlienApps tab.

  3. On the AlienApps page, click the Check Point tile.

  4. If you have more than one sensor, select the sensor where the AlienApp is enabled.
  5. Click the Actions tab to display information for the supported actions.
  6. Click the History tab to display information about the executed orchestration actions.