https://community.checkpoint.com/t5/Firewall-and-Security-Management/Updatable-Objects-Audit-changes-and-contents/m-p/217798#M41510 <P>I figured the source files would probably be the most useful <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Mon, 17 Jun 2024 16:07:56 GMT PhoneBoy 2024-06-17T16:07:56Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Updatable-Objects-Audit-changes-and-contents/m-p/217510#M41428 <P>Hi,</P><P>I have been looking at rolling out Updatable Objects on our firewall policies, specifically for Zscaler at the moment. Is there a way to:</P><OL><LI>Check in SmartConsole Logs when the Objects are changed/updated?</LI><LI>Interrogate the contents of the Updatable Object on the Gateways themselves?</LI></OL><P>For context, I have looked at&nbsp;<SPAN>sk131852 (<A href="https://support.checkpoint.com/results/sk/sk131852" target="_blank" rel="noopener">Updatable Objects (checkpoint.com)</A>),&nbsp;sk173416 (<A href="https://support.checkpoint.com/results/sk/sk173416" target="_blank" rel="noopener">How to manage access to external services using Updatable objects - FAQ (checkpoint.com)</A>) and&nbsp;sk161632 (<A href="https://support.checkpoint.com/results/sk/sk161632" target="_blank" rel="noopener">Domains Tool (domains_tool) (checkpoint.com)</A>). The Domains_Tool is useful but only shows that domains are used, not IP addresses.</SPAN></P><P>The admin guides shows the following, but it does not seem to work for me, or I cannot filter enough to see it!:</P><DIV class=""><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="2024-06-14_11-56-11.jpg" style="width: 571px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/26254i0619A7C87C14F20A/image-size/large?v=v2&amp;px=999" role="button" title="2024-06-14_11-56-11.jpg" alt="2024-06-14_11-56-11.jpg" /></span></DIV><DIV class="">&nbsp;</DIV><DIV class="">The InfoSec team within my Company would like to be able to audit the Updatable Objects periodically to ensure the dynamic access granted is correct and appropriate. Any help on this would be gratefully received,<BR /><BR />Thanks<BR />Andy</DIV> Fri, 14 Jun 2024 11:12:50 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Updatable-Objects-Audit-changes-and-contents/m-p/217510#M41428 Andrew_Rawlinso 2024-06-14T11:12:50Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Updatable-Objects-Audit-changes-and-contents/m-p/217583#M41461 <P>You can use domains_tool to show you what IPs are associated with each domain.<BR />The updatable objects are updated from files downloaded to&nbsp;<SPAN>$CPDIR/database/downloads/ONLINE_SERVICES on the gateways.<BR />The original source material for each of the Updatable Objects should be listed here: <A href="https://support.checkpoint.com/results/sk/sk131852" target="_blank">https://support.checkpoint.com/results/sk/sk131852</A></SPAN></P> Fri, 14 Jun 2024 22:51:51 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Updatable-Objects-Audit-changes-and-contents/m-p/217583#M41461 PhoneBoy 2024-06-14T22:51:51Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Updatable-Objects-Audit-changes-and-contents/m-p/217755#M41501 <P>Thanks for the response. I can see within the "ONLINE_SERVICES" folders all the services listed:</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="42ddf892-8cdd-4fa7-a7ce-7c3356da86b6.jpg" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/26301i757C50621E4FEE07/image-size/medium?v=v2&amp;px=400" role="button" title="42ddf892-8cdd-4fa7-a7ce-7c3356da86b6.jpg" alt="42ddf892-8cdd-4fa7-a7ce-7c3356da86b6.jpg" /></span></P><P>If you "cat" one these services files you get the complete listing of domains and IPs associated with the services. </P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="2024-06-17_13-48-02.jpg" style="width: 926px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/26302i9446935846621819/image-size/large?v=v2&amp;px=999" role="button" title="2024-06-17_13-48-02.jpg" alt="2024-06-17_13-48-02.jpg" /></span></P><P>That should answer everything my infosec colleagues would required, so thanks for the point in the right direction. I appreciate it.</P> Mon, 17 Jun 2024 12:53:18 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Updatable-Objects-Audit-changes-and-contents/m-p/217755#M41501 Andrew_Rawlinso 2024-06-17T12:53:18Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Updatable-Objects-Audit-changes-and-contents/m-p/217798#M41510 <P>I figured the source files would probably be the most useful <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Mon, 17 Jun 2024 16:07:56 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Updatable-Objects-Audit-changes-and-contents/m-p/217798#M41510 PhoneBoy 2024-06-17T16:07:56Z