---
title: Check Point Quantum Firewall ransomware infection detected
description: Datadog, the leading service for cloud-scale monitoring.
---

# Check Point Quantum Firewall ransomware infection detected

{% alert level="danger" %}
This rule is part of a beta feature. To learn more, [contact Support](https://docs.datadoghq.com/help/).
{% /alert %}

Classification: attack. Tactic: [TA0040-impact](https://attack.mitre.org/tactics/TA0040). Technique: [T1486-data-encrypted-for-impact](https://attack.mitre.org/techniques/T1486).

## Goal{% #goal %}

Detect when Check Point's Anti-Ransomware solution raises a ransomware infection alert.

## Strategy{% #strategy %}

This rule monitors Check Point Quantum Firewall logs for ransomware infections detected by the Anti-Ransomware product. It uses the third-party detection method to create a signal with the same severity as the event severity (`@checkpoint_firewall_severity`).

## Triage and response{% #triage-and-response %}

1. Investigate the Check Point alert to determine if it is malicious or benign.
1. If the alert is benign, consider including the user or host in a suppression list. See [Best practices for creating detection rules with Datadog Cloud SIEM](https://www.datadoghq.com/blog/writing-datadog-security-detection-rules/#customize-security-signal-messages-to-fit-your-environment) for more information.
