Allows the SIEM to send a command to the firewall to block an attacker's address when an attack is detected based on third-party logs or correlated events.
Transform your SIEM into a single point of attack detection and response.
If a device connected to the SIEM (IDS\IPS\WAF…) detects an attack from an IP address or C&C communication, you can create an ArcSight rule to provide an automatic reaction: block the attacker IP as source and destination of IPv4 traffic. The Automatic Remediation tool receives the IP address to block from the SIEM and sends the command to the firewall.
CAUTION: the developer supports only their own scripts. For technical support cases involving the SIEM or the firewall, consult the relevant vendor. For support or suggestions, please contact email@example.com
Scripts to block an attacker IP address on a CheckPoint Firewall, using ArcSight ESM\Express and the ArcSight CEF File Reader Smart Connector.
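Because the address to block comes from a rule action that fires on third-party logs, it is worth validating the value before anything is sent to the firewall. The check below is an added example, not part of the tool's scripts; the function name `check_block_request`, the protected ranges and the allowlist entry are assumptions chosen for illustration.

```python
import ipaddress

# Ranges that an automated block must never touch: internal, loopback,
# link-local, multicast and "this network"/broadcast space.
PROTECTED = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "224.0.0.0/4",
    "0.0.0.0/8", "255.255.255.255/32",
)]

# Constructed allowlist (assumption): external services the site depends on.
ALLOWLIST = [ipaddress.ip_network("198.51.100.53/32")]


def check_block_request(raw, allowlist=ALLOWLIST):
    """Validate the address field received from a SIEM rule action.

    Returns (True, "ok") or (False, reason).
    """
    try:
        # ip_address() accepts exactly one host address, so CIDR strings
        # such as "a.b.c.d/0" and fields with trailing text are rejected.
        addr = ipaddress.ip_address(raw.strip())
    except ValueError:
        return False, "not a single IP address"
    if addr.version != 4:
        # The page describes blocking IPv4 traffic only.
        return False, "not IPv4"
    for net in PROTECTED + list(allowlist):
        if addr in net:
            return False, f"inside protected range {net}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample values (documentation address ranges).
    for field in ("203.0.113.7", "10.1.2.3", "203.0.113.7/0",
                  "198.51.100.53", "2001:db8::1", "203.0.113.7; echo"):
        print(f"{field!r:24} -> {check_block_request(field)}")
```

Only values for which the check returns `(True, "ok")` should be passed on to the block script; rejected values are better logged for analyst review than dropped silently.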