Smart SOAR Integration

The combination of Check Point and D3 Smart SOAR provides the SOC with vastly improved visibility, intelligence, and agility. Events in Check Point trigger automated playbooks in Smart SOAR, which gather context from across the security ecosystem, including correlation against the MITRE ATT&CK framework. If the event is convicted, Smart SOAR will execute the remediation plan, which can be fully or partially automated. The whole process takes only seconds.

Check Point Integration

Integration Features

Orchestrate enrichment and response for Check Point events across hundreds of integrated tools.
Automate firewall policy management from Smart SOAR playbooks.
Investigate suspicious network traffic with rich contextual data and automated analysis.
Feature-rich expert-built and maintained integration.

Key Use Cases

#1: Spear-Phishing Response

Smart SOAR can monitor a phishing inbox and create an event by pulling suspicious email content and attachment(s). The file reputation is then automatically checked in the Check Point Threat Prevention module. If the file is not found, an API call will be triggered to upload the original file for sandboxing. Smart SOAR will search SIEM logs for suspicious network flows occurring on the involved endpoints and also automatically enrich external IPs and URLs. If an IOC’s reputation is malicious, a response playbook will be triggered to quarantine endpoints and block IPs and URLs.

Check Point Integration

#2: Suspicious Network Traffic Investigation

When Check Point’s Next Generation Firewall detects suspicious traffic, the alert is escalated automatically to Smart SOAR for investigation. Smart SOAR then correlates the alert against additional data sources, most importantly, the SIEM, which contextualizes the alert with log data. This data will include other activity of the implicated IP address in recent logs, any recent changes in privileges to associated user IDs, and other relevant data related to the IOCs that Smart SOAR found in the alert. The full context of the alert is then presented to the analyst, who can dismiss the alert as a false positive or trigger an automated playbook to respond to the threat, including updating firewall rules.

Check Point Integration

Meet Our Friends

Our Connected SOAR Security Alliance brings hundreds of vendors together, allowing customers to benefit from our deep industry relationships and fully vendor-agnostic, independent SOAR platform.

X Check Point Integration

Get Started with D3 Security

One platform to stop alert overwhelm. Transform how your security team works, by focusing its resources on real threats.