| Compromised Credentials | app-login ↳smartdashboard-app-login ↳syslog-checkpoint-app-login-1 ↳syslog-checkpoint-app-login
authentication-successful ↳cef-checkpoint-auth-successful-2 ↳checkpoint-auth-successful ↳cef-checkpoint-auth-successful ↳checkpoint-auth-successful-1 ↳cef-checkpoint-auth-successful-1
failed-vpn-login ↳checkpoint-vpn-authentication
local-logon ↳checkpoint-local-logon
network-alert ↳checkpoint-network-decrypt ↳checkpoint-network-alert-6 ↳leef-checkpoint-alert ↳checkpoint-firewall-network-alert ↳checkpoint-network-encrypt ↳checkpoint-network-alert-3 ↳checkpoint-firewall-network-alert-1
vpn-login ↳checkpoint-vpn-authentication ↳cef-checkpoint-vpn-login-3 ↳cef-checkpoint-vpn-login-4 ↳cef-checkpoint-vpn-login-2 ↳checkpoint-vpn-login-6
vpn-logout ↳checkpoint-vpn-logout ↳cef-checkpoint-logout-2 ↳cef-checkpoint-logout-1
web-activity-allowed ↳s-checkpoint-proxy ↳checkpoint-url-filtering ↳checkpoint-proxy ↳checkpoint-proxy-2 ↳checkpoint-firewall-allow-2 ↳checkpoint-proxy-1 ↳checkpoint-web-activity ↳checkpoint-web-activity-1
web-activity-denied ↳s-checkpoint-proxy ↳checkpoint-url-filtering ↳checkpoint-proxy ↳checkpoint-proxy-2 ↳checkpoint-proxy-1 ↳checkpoint-web-activity ↳checkpoint-web-activity-1
| T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1078.002 - T1078.002 T1078.003 - Valid Accounts: Local Accounts T1102 - Web Service T1110 - Brute Force T1133 - External Remote Services T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application T1204.001 - T1204.001 T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1566.002 - Phishing: Spearphishing Link T1568.002 - Dynamic Resolution: Domain Generation Algorithms
| |
| Cryptomining | web-activity-allowed ↳s-checkpoint-proxy ↳checkpoint-url-filtering ↳checkpoint-proxy ↳checkpoint-proxy-2 ↳checkpoint-firewall-allow-2 ↳checkpoint-proxy-1 ↳checkpoint-web-activity ↳checkpoint-web-activity-1
web-activity-denied ↳s-checkpoint-proxy ↳checkpoint-url-filtering ↳checkpoint-proxy ↳checkpoint-proxy-2 ↳checkpoint-proxy-1 ↳checkpoint-web-activity ↳checkpoint-web-activity-1
| T1071.001 - Application Layer Protocol: Web Protocols T1496 - Resource Hijacking
| |
| Data Exfiltration | vpn-logout ↳checkpoint-vpn-logout ↳cef-checkpoint-logout-2 ↳cef-checkpoint-logout-1
web-activity-allowed ↳s-checkpoint-proxy ↳checkpoint-url-filtering ↳checkpoint-proxy ↳checkpoint-proxy-2 ↳checkpoint-firewall-allow-2 ↳checkpoint-proxy-1 ↳checkpoint-web-activity ↳checkpoint-web-activity-1
web-activity-denied ↳s-checkpoint-proxy ↳checkpoint-url-filtering ↳checkpoint-proxy ↳checkpoint-proxy-2 ↳checkpoint-proxy-1 ↳checkpoint-web-activity ↳checkpoint-web-activity-1
| T1041 - Exfiltration Over C2 Channel T1071.001 - Application Layer Protocol: Web Protocols T1133 - External Remote Services T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0010 - TA0010
| |
| Data Leak | dlp-email-alert-out ↳checkpoint-dlp-alert-out
vpn-logout ↳checkpoint-vpn-logout ↳cef-checkpoint-logout-2 ↳cef-checkpoint-logout-1
web-activity-allowed ↳s-checkpoint-proxy ↳checkpoint-url-filtering ↳checkpoint-proxy ↳checkpoint-proxy-2 ↳checkpoint-firewall-allow-2 ↳checkpoint-proxy-1 ↳checkpoint-web-activity ↳checkpoint-web-activity-1
web-activity-denied ↳s-checkpoint-proxy ↳checkpoint-url-filtering ↳checkpoint-proxy ↳checkpoint-proxy-2 ↳checkpoint-proxy-1 ↳checkpoint-web-activity ↳checkpoint-web-activity-1
| T1041 - Exfiltration Over C2 Channel T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol T1052 - Exfiltration Over Physical Medium T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB T1071.001 - Application Layer Protocol: Web Protocols T1133 - External Remote Services T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage TA0010 - TA0010
| |
| Lateral Movement | app-login ↳smartdashboard-app-login ↳syslog-checkpoint-app-login-1 ↳syslog-checkpoint-app-login
authentication-failed ↳checkpoint-auth-failed
authentication-successful ↳cef-checkpoint-auth-successful-2 ↳checkpoint-auth-successful ↳cef-checkpoint-auth-successful ↳checkpoint-auth-successful-1 ↳cef-checkpoint-auth-successful-1
failed-vpn-login ↳checkpoint-vpn-authentication
local-logon ↳checkpoint-local-logon
network-connection-failed ↳checkpoint-firewall-drop ↳checkpoint-firewall-network-connection-drop ↳checkpoint-network-connection-drop-1 ↳checkpoint-firewall-reject-1 ↳s-checkpoint-firewall-drop ↳checkpoint-firewall-network-connection-4 ↳checkpoint-firewall-drop-2 ↳raw-checkpoint-firewall-drop ↳s-checkpoint-firewall-block ↳cef-checkpoint-firewall ↳raw-checkpoint-firewall-2 ↳raw-checkpoint-firewall-1 ↳leef-checkpoint-firewall-4 ↳leef-checkpoint-firewall-3 ↳leef-checkpoint-firewall-2 ↳cef-checkpoint-firewall-5 ↳leef-checkpoint-firewall-1 ↳cef-checkpoint-firewall-3 ↳cef-checkpoint-firewall-4 ↳cef-checkpoint-firewall-1 ↳cef-checkpoint-firewall-2 ↳checkpoint-firewall-1
network-connection-successful ↳checkpoint-network-connection-allow ↳checkpoint-firewall-accept ↳checkpoint-5599-network-connection ↳raw-checkpoint-firewall-allow ↳s-checkpoint-firewall-allow ↳s-checkpoint-firewall-accept ↳checkpoint-firewall-network-connection-3 ↳checkpoint-firewall-network-connection-2 ↳cef-checkpoint-firewall-accept ↳checkpoint-firewall-network-connection-1 ↳s-checkpoint-fw-network-connection ↳checkpoint-network-connection-accept-1 ↳checkpoint-firewall-accept-2 ↳raw-checkpoint-firewall-accept ↳checkpoint-network-connection-accept-2 ↳checkpoint-firewall-network-connection-accept ↳checkpoint-vpn-firewall ↳cef-checkpoint-firewall ↳raw-checkpoint-firewall-2 ↳raw-checkpoint-firewall-1 ↳leef-checkpoint-firewall-4 ↳leef-checkpoint-firewall-3 ↳leef-checkpoint-firewall-2 ↳cef-checkpoint-firewall-5 ↳leef-checkpoint-firewall-1 ↳cef-checkpoint-firewall-3 ↳cef-checkpoint-firewall-4 ↳cef-checkpoint-firewall-1 ↳cef-checkpoint-firewall-2 ↳checkpoint-firewall-1
vpn-login ↳checkpoint-vpn-authentication ↳cef-checkpoint-vpn-login-3 ↳cef-checkpoint-vpn-login-4 ↳cef-checkpoint-vpn-login-2 ↳checkpoint-vpn-login-6
vpn-logout ↳checkpoint-vpn-logout ↳cef-checkpoint-logout-2 ↳cef-checkpoint-logout-1
web-activity-allowed ↳s-checkpoint-proxy ↳checkpoint-url-filtering ↳checkpoint-proxy ↳checkpoint-proxy-2 ↳checkpoint-firewall-allow-2 ↳checkpoint-proxy-1 ↳checkpoint-web-activity ↳checkpoint-web-activity-1
web-activity-denied ↳s-checkpoint-proxy ↳checkpoint-url-filtering ↳checkpoint-proxy ↳checkpoint-proxy-2 ↳checkpoint-proxy-1 ↳checkpoint-web-activity ↳checkpoint-web-activity-1
| T1021 - Remote Services T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public-Facing Application T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting TA0010 - TA0010 TA0011 - TA0011
| |
| Malware | app-login ↳smartdashboard-app-login ↳syslog-checkpoint-app-login-1 ↳syslog-checkpoint-app-login
authentication-successful ↳cef-checkpoint-auth-successful-2 ↳checkpoint-auth-successful ↳cef-checkpoint-auth-successful ↳checkpoint-auth-successful-1 ↳cef-checkpoint-auth-successful-1
dlp-email-alert-in ↳checkpoint-dlp-email-alert
dlp-email-alert-out ↳checkpoint-dlp-alert-out
local-logon ↳checkpoint-local-logon
network-alert ↳checkpoint-network-decrypt ↳checkpoint-network-alert-6 ↳leef-checkpoint-alert ↳checkpoint-firewall-network-alert ↳checkpoint-network-encrypt ↳checkpoint-network-alert-3 ↳checkpoint-firewall-network-alert-1
network-connection-failed ↳checkpoint-firewall-drop ↳checkpoint-firewall-network-connection-drop ↳checkpoint-network-connection-drop-1 ↳checkpoint-firewall-reject-1 ↳s-checkpoint-firewall-drop ↳checkpoint-firewall-network-connection-4 ↳checkpoint-firewall-drop-2 ↳raw-checkpoint-firewall-drop ↳s-checkpoint-firewall-block ↳cef-checkpoint-firewall ↳raw-checkpoint-firewall-2 ↳raw-checkpoint-firewall-1 ↳leef-checkpoint-firewall-4 ↳leef-checkpoint-firewall-3 ↳leef-checkpoint-firewall-2 ↳cef-checkpoint-firewall-5 ↳leef-checkpoint-firewall-1 ↳cef-checkpoint-firewall-3 ↳cef-checkpoint-firewall-4 ↳cef-checkpoint-firewall-1 ↳cef-checkpoint-firewall-2 ↳checkpoint-firewall-1
network-connection-successful ↳checkpoint-network-connection-allow ↳checkpoint-firewall-accept ↳checkpoint-5599-network-connection ↳raw-checkpoint-firewall-allow ↳s-checkpoint-firewall-allow ↳s-checkpoint-firewall-accept ↳checkpoint-firewall-network-connection-3 ↳checkpoint-firewall-network-connection-2 ↳cef-checkpoint-firewall-accept ↳checkpoint-firewall-network-connection-1 ↳s-checkpoint-fw-network-connection ↳checkpoint-network-connection-accept-1 ↳checkpoint-firewall-accept-2 ↳raw-checkpoint-firewall-accept ↳checkpoint-network-connection-accept-2 ↳checkpoint-firewall-network-connection-accept ↳checkpoint-vpn-firewall ↳cef-checkpoint-firewall ↳raw-checkpoint-firewall-2 ↳raw-checkpoint-firewall-1 ↳leef-checkpoint-firewall-4 ↳leef-checkpoint-firewall-3 ↳leef-checkpoint-firewall-2 ↳cef-checkpoint-firewall-5 ↳leef-checkpoint-firewall-1 ↳cef-checkpoint-firewall-3 ↳cef-checkpoint-firewall-4 ↳cef-checkpoint-firewall-1 ↳cef-checkpoint-firewall-2 ↳checkpoint-firewall-1
vpn-login ↳checkpoint-vpn-authentication ↳cef-checkpoint-vpn-login-3 ↳cef-checkpoint-vpn-login-4 ↳cef-checkpoint-vpn-login-2 ↳checkpoint-vpn-login-6
web-activity-allowed ↳s-checkpoint-proxy ↳checkpoint-url-filtering ↳checkpoint-proxy ↳checkpoint-proxy-2 ↳checkpoint-firewall-allow-2 ↳checkpoint-proxy-1 ↳checkpoint-web-activity ↳checkpoint-web-activity-1
web-activity-denied ↳s-checkpoint-proxy ↳checkpoint-url-filtering ↳checkpoint-proxy ↳checkpoint-proxy-2 ↳checkpoint-proxy-1 ↳checkpoint-web-activity ↳checkpoint-web-activity-1
| T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application T1204.001 - T1204.001 T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1566.002 - Phishing: Spearphishing Link T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0002 - TA0002 TA0011 - TA0011
| |
| Phishing | dlp-email-alert-out ↳checkpoint-dlp-alert-out
vpn-logout ↳checkpoint-vpn-logout ↳cef-checkpoint-logout-2 ↳cef-checkpoint-logout-1
web-activity-allowed ↳s-checkpoint-proxy ↳checkpoint-url-filtering ↳checkpoint-proxy ↳checkpoint-proxy-2 ↳checkpoint-firewall-allow-2 ↳checkpoint-proxy-1 ↳checkpoint-web-activity ↳checkpoint-web-activity-1
web-activity-denied ↳s-checkpoint-proxy ↳checkpoint-url-filtering ↳checkpoint-proxy ↳checkpoint-proxy-2 ↳checkpoint-proxy-1 ↳checkpoint-web-activity ↳checkpoint-web-activity-1
| T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003
| |
| Privilege Abuse | app-login ↳smartdashboard-app-login ↳syslog-checkpoint-app-login-1 ↳syslog-checkpoint-app-login
dlp-email-alert-in ↳checkpoint-dlp-email-alert
dlp-email-alert-out ↳checkpoint-dlp-alert-out
local-logon ↳checkpoint-local-logon
vpn-login ↳checkpoint-vpn-authentication ↳cef-checkpoint-vpn-login-3 ↳cef-checkpoint-vpn-login-4 ↳cef-checkpoint-vpn-login-2 ↳checkpoint-vpn-login-6
vpn-logout ↳checkpoint-vpn-logout ↳cef-checkpoint-logout-2 ↳cef-checkpoint-logout-1
web-activity-allowed ↳s-checkpoint-proxy ↳checkpoint-url-filtering ↳checkpoint-proxy ↳checkpoint-proxy-2 ↳checkpoint-firewall-allow-2 ↳checkpoint-proxy-1 ↳checkpoint-web-activity ↳checkpoint-web-activity-1
web-activity-denied ↳s-checkpoint-proxy ↳checkpoint-url-filtering ↳checkpoint-proxy ↳checkpoint-proxy-2 ↳checkpoint-proxy-1 ↳checkpoint-web-activity ↳checkpoint-web-activity-1
| T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1078.002 - T1078.002 T1098.002 - Account Manipulation: Exchange Email Delegate Permissions T1133 - External Remote Services
| |
| Privileged Activity | app-login ↳smartdashboard-app-login ↳syslog-checkpoint-app-login-1 ↳syslog-checkpoint-app-login
dlp-email-alert-in ↳checkpoint-dlp-email-alert
dlp-email-alert-out ↳checkpoint-dlp-alert-out
local-logon ↳checkpoint-local-logon
web-activity-allowed ↳s-checkpoint-proxy ↳checkpoint-url-filtering ↳checkpoint-proxy ↳checkpoint-proxy-2 ↳checkpoint-firewall-allow-2 ↳checkpoint-proxy-1 ↳checkpoint-web-activity ↳checkpoint-web-activity-1
web-activity-denied ↳s-checkpoint-proxy ↳checkpoint-url-filtering ↳checkpoint-proxy ↳checkpoint-proxy-2 ↳checkpoint-proxy-1 ↳checkpoint-web-activity ↳checkpoint-web-activity-1
| T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1078.002 - T1078.002 T1102 - Web Service
| |
| Ransomware | app-login ↳smartdashboard-app-login ↳syslog-checkpoint-app-login-1 ↳syslog-checkpoint-app-login
authentication-failed ↳checkpoint-auth-failed
authentication-successful ↳cef-checkpoint-auth-successful-2 ↳checkpoint-auth-successful ↳cef-checkpoint-auth-successful ↳checkpoint-auth-successful-1 ↳cef-checkpoint-auth-successful-1
failed-vpn-login ↳checkpoint-vpn-authentication
vpn-login ↳checkpoint-vpn-authentication ↳cef-checkpoint-vpn-login-3 ↳cef-checkpoint-vpn-login-4 ↳cef-checkpoint-vpn-login-2 ↳checkpoint-vpn-login-6
web-activity-allowed ↳s-checkpoint-proxy ↳checkpoint-url-filtering ↳checkpoint-proxy ↳checkpoint-proxy-2 ↳checkpoint-firewall-allow-2 ↳checkpoint-proxy-1 ↳checkpoint-web-activity ↳checkpoint-web-activity-1
web-activity-denied ↳s-checkpoint-proxy ↳checkpoint-url-filtering ↳checkpoint-proxy ↳checkpoint-proxy-2 ↳checkpoint-proxy-1 ↳checkpoint-web-activity ↳checkpoint-web-activity-1
| T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts
| |
| Workforce Protection | dlp-email-alert-out ↳checkpoint-dlp-alert-out
web-activity-allowed ↳s-checkpoint-proxy ↳checkpoint-url-filtering ↳checkpoint-proxy ↳checkpoint-proxy-2 ↳checkpoint-firewall-allow-2 ↳checkpoint-proxy-1 ↳checkpoint-web-activity ↳checkpoint-web-activity-1
| T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol T1071.001 - Application Layer Protocol: Web Protocols
| |