Cyberint Alerts

Check Point Exposure Management and Splunk SOAR integration is here to simplify and streamline alerts for Splunk SOAR, bring enriched threat intelligence from the Argos Edge™ Digital Risk Protection Platform into Splunk SOAR and automatically implement playbooks and incident processes.

Supported Actions

• test connectivity: Validate the asset configuration for connectivity using supplied configuration
• get enriched alerts: Get alerts and enrich them with indicator details
• alerts - update alert status: Update the status of one or more alerts
• alerts - submit takedown: Submit a takedown request
• alerts - retrieve takedowns: Retrieve takedown requests
• on poll: Ingest Cyberint alerts and create cases
• ioc - get file reputation: Get the reputation of a file by its SHA256 hash
• ioc - get domain reputation: Get the reputation of a domain
• ioc - get ip reputation: Get the reputation of an IPv4 address
• ioc - get url reputation: Get the reputation of a URL
• credentials - lookup by domain: Look up exposed credentials by domain
• credentials - lookup by email: Look up exposed credentials by email address
• get cve intelligence: Get enriched CVE intelligence by CVE ID