In the event of a potential threat, collecting and analyzing the relevant data to verify and remediate it can take days or weeks without the proper tools. Crest Data Systems helped the client gain a rapid understanding of threats in their environment, speed up detection, and respond quickly and appropriately with an Adaptive Response Framework that initiates automated workflows.
Check Point Software Technologies Ltd. is a multinational provider of software and combined hardware and software products for IT security, including network security, endpoint security, cloud security, mobile security, data security, and security management.
Check Point wanted to add threat intelligence to their product using Splunk. The challenge was to report every malicious indicator found in Splunk events to the Check Point Gateway. Once these indicators are reported, the product can take actions such as block, isolate or quarantine, making the network more secure.
Crest helped the Check Point team achieve this goal by designing Adaptive Response actions in Splunk. The idea was to run searches that scan for malicious indicators and, if any are found, trigger an action from Splunk that writes those indicators to a CSV file and pushes that file to the Check Point Gateway. The gateway then processes the file and takes the necessary actions on the indicators. The solution was designed so that the same file can be pushed to multiple Check Point Gateways. Crest's Splunk experts implemented an "Upload IOC to Check Point" action that uploads the specified IOCs and their metadata to the configured destination machine in CSV format. The user fills in the action's HTML form to supply either static values or values taken from the search results for each IOC field.
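The core of such an action, as an added illustration that is not Crest's or Check Point's code: form fields are resolved either as static text or from `$result.<field>$` tokens per search-result row, each value is checked to be a real IP, domain or hash before it is accepted, duplicates are dropped, and the survivors are rendered as CSV. The CSV column names, the `$result.<field>$` token syntax and the sample rows are assumptions made for this example.

```python
import csv, io, ipaddress, re

# Assumed column layout for the indicator file; the real gateway format is not on the page.
CSV_COLUMNS = ["name", "value", "type", "severity", "comment"]
TOKEN = re.compile(r"\$result\.([A-Za-z0-9_]+)\$")  # assumed "value from search result" token
_HASH = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$", re.I)
_DOMAIN = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.I)
# Constructed sample: the action's form fields and a few Splunk result rows.
SAMPLE_PARAMS = {"value": "$result.indicator$", "name": "splunk-$result.indicator$",
                 "severity": "$result.sev$", "comment": "from $result.search_name$"}
SAMPLE_RESULTS = [
    {"indicator": "198.51.100.7", "sev": "high", "search_name": "c2-beacon"},
    {"indicator": "bad.example.net", "sev": "medium", "search_name": "dns-lookup"},
    {"indicator": "198.51.100.7", "sev": "high", "search_name": "c2-beacon"},      # duplicate
    {"indicator": "not an indicator", "sev": "low", "search_name": "noise"},       # invalid
    {"indicator": "d41d8cd98f00b204e9800998ecf8427e", "sev": "low", "search_name": "file"},
]

def classify(value):
    """Indicator type ('IP', 'hash', 'Domain') or None when the value is not a usable IoC."""
    try:
        ipaddress.ip_address(value)
        return "IP"
    except ValueError:  # not an IP literal; fall through to the other checks
        return "hash" if _HASH.match(value) else "Domain" if _DOMAIN.match(value) else None

def resolve(template, row):
    """Expand $result.<field>$ tokens from one result row; static form text passes through."""
    return TOKEN.sub(lambda m: row.get(m.group(1), ""), template)

def build_ioc_rows(params, results):
    """Form fields + result rows -> CSV rows; invalid and duplicate values never reach the gateway."""
    seen, rows = set(), []
    for row in results:
        value = resolve(params["value"], row).strip()
        kind = classify(value)
        if kind is None or value in seen:
            continue
        seen.add(value)
        rows.append({"name": resolve(params.get("name", value), row), "value": value, "type": kind,
                     "severity": resolve(params.get("severity", "medium"), row),
                     "comment": resolve(params.get("comment", ""), row)})
    return rows

def render_ioc_csv(rows):  # CSV text in the assumed layout: the file that is pushed to each gateway
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=CSV_COLUMNS, lineterminator="\n")
    writer.writeheader(); writer.writerows(rows)
    return buf.getvalue()
```

In a deployed Splunk custom alert action the script is invoked with `--execute` and receives a JSON payload on stdin whose `configuration` holds the form fields and whose `results_file` names a gzipped CSV of the search results; that glue and the push to each gateway are left out here.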