Forensics - Check Point HARMONY R81 Administration Manual
Manual Analysis with Push Operations

Parameter                  Description
-dn <node_DN>              The requested node distinguished name (for example, CN=device1,OU=Computers,DC=mycompany,DC=com)
-url <URL>                 Analyze by URL
-file <file>               Analyze by file or process
-i <start_time>            Incident start time (date and time)
-r <range>                 Time range (before and after the start time) in minutes
-a <activity_event>        'f' if detailed activity logs should not be generated; default is 't'
-c <case_analysis_event>   'f' if the case analysis report should not be generated; default is 't'
-u <username>              Security Management Server username (case-sensitive)
-p <password>              Security Management Server password (case-sensitive)

Note that a password passed with -p on the command line is visible to other local users in process listings and is recorded in shell history. Supply it from a protected variable or an interactive prompt where your environment allows it.

Forensics

Harmony Endpoint Forensics analyzes attacks detected by other detection features, such as Anti-Ransomware or Behavioral Guard, by the Check Point Security Gateway, and by some third-party security products. When a malicious event or file is detected, Forensics is informed and a Forensics analysis starts automatically. When the analysis completes, the entire attack sequence is presented as a Forensics Analysis Report.
The Forensics Analysis Report gives full information on attacks and suspicious behavior in an easy-to-use interface. The report includes:
- Entry Point - How did the suspicious file enter your system?
- Business Impact - Which files were affected and what was done to them?
- Remediation - Which files were treated and what is their status?
- Suspicious Activity - What unusual behavior occurred as a result of the attack?
- Incident Details - A complete visual picture of the paths of the attack in your system.
Use the Forensics Analysis Report to prevent future attacks and to make sure that all affected files and processes work correctly.
R81 Harmony Endpoint Server Administration Guide      |      325
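As an added example (this is not Check Point's code or tooling), the following Python builds the argument list for a manual Forensics analysis push from the parameters in the table above, validates the node DN and the time window, and produces a redacted command line that is safe to write to a log. The executable name (FORENSICS_PUSH_TOOL), the timestamp format for -i, the assumption that -url and -file are alternatives, and the sample detection record are all assumptions of this example, not statements from the guide.

```python
import re
import shlex
from datetime import datetime

# ASSUMPTION: placeholder executable name. The guide's table lists the
# parameters, but this page does not show the command name itself.
FORENSICS_PUSH_TOOL = "forensics_push"

# ASSUMPTION: timestamp layout accepted by -i; adjust to what your server expects.
START_TIME_FORMAT = "%Y-%m-%d %H:%M:%S"

# Loose check that a DN looks like CN=...,OU=...,DC=... (comma-separated attr=value pairs).
DN_RE = re.compile(r"^[A-Za-z]+=[^,=]+(?:,[A-Za-z]+=[^,=]+)*$")


def build_push_args(node_dn, start_time, range_minutes, *, url=None, file=None,
                    activity_logs=True, case_analysis=True, username, password):
    """Return argv for a manual Forensics analysis push.

    Exactly one of url/file is required (ASSUMPTION: the two analysis targets
    are alternatives). -a and -c take 'f' to suppress the activity logs and the
    case analysis report respectively and default to 't', as in the table.
    """
    if not DN_RE.match(node_dn):
        raise ValueError(f"not a distinguished name: {node_dn!r}")
    if (url is None) == (file is None):
        raise ValueError("specify exactly one of url= or file=")
    if not isinstance(range_minutes, int) or range_minutes <= 0:
        raise ValueError("range must be a positive number of minutes")
    if not username or not password:
        raise ValueError("Security Management Server credentials are required")

    args = [FORENSICS_PUSH_TOOL, "-dn", node_dn]
    args += ["-url", url] if url is not None else ["-file", file]
    args += ["-i", start_time.strftime(START_TIME_FORMAT), "-r", str(range_minutes)]
    args += ["-a", "t" if activity_logs else "f",
             "-c", "t" if case_analysis else "f",
             "-u", username, "-p", password]
    return args


def redacted_cmdline(args):
    """Shell-quoted command line with the -p value masked, suitable for logging."""
    out = list(args)
    for i, a in enumerate(out[:-1]):
        if a == "-p":
            out[i + 1] = "********"
    return shlex.join(out)


# Constructed sample detection record; not a real Harmony event.
SAMPLE_DETECTION = {
    "node_dn": "CN=device1,OU=Computers,DC=mycompany,DC=com",
    "detected_at": "2024-03-05T14:07:30",
    "file": r"C:\Users\alice\Downloads\invoice.exe",
}


def args_for_detection(det, username, password, range_minutes=30,
                       activity_logs=True, case_analysis=True):
    """Map a detection record to push arguments, centring the window on the detection time."""
    start = datetime.fromisoformat(det["detected_at"])
    return build_push_args(det["node_dn"], start, range_minutes,
                           file=det.get("file"), url=det.get("url"),
                           activity_logs=activity_logs, case_analysis=case_analysis,
                           username=username, password=password)


if __name__ == "__main__":
    argv = args_for_detection(SAMPLE_DETECTION, "admin", "s3cret")
    print(redacted_cmdline(argv))
    # subprocess.run(argv, check=True)  # run for real once FORENSICS_PUSH_TOOL is set
```

Passing the argument list to subprocess rather than a joined string avoids shell quoting problems with file paths, and redacted_cmdline is what should reach audit logs, since -p carries the management server password.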