https://community.checkpoint.com/t5/Firewall-and-Security-Management/Find-a-IOC-in-checkpoint-database-malicious-IP-domain/m-p/234009#M45327 <P>Hi everyone. I have a question about IOC</P><P>Is there have any tool to check a IOC(like malicious IP, domain ) in database of Checkpoint Firewall. It is like virustotal check. The input is a malicious IP and the output will show this malicious IP already have in database or not.</P><P>Note: My goal is check malicious IP is exists or not and add them to custom policy if they not exist.&nbsp;</P><P>Thanks !!!</P> Thu, 28 Nov 2024 05:30:51 GMT rozkie20 2024-11-28T05:30:51Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Find-a-IOC-in-checkpoint-database-malicious-IP-domain/m-p/234009#M45327 <P>Hi everyone. I have a question about IOC</P><P>Is there have any tool to check a IOC(like malicious IP, domain ) in database of Checkpoint Firewall. It is like virustotal check. The input is a malicious IP and the output will show this malicious IP already have in database or not.</P><P>Note: My goal is check malicious IP is exists or not and add them to custom policy if they not exist.&nbsp;</P><P>Thanks !!!</P> Thu, 28 Nov 2024 05:30:51 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Find-a-IOC-in-checkpoint-database-malicious-IP-domain/m-p/234009#M45327 rozkie20 2024-11-28T05:30:51Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Find-a-IOC-in-checkpoint-database-malicious-IP-domain/m-p/234012#M45329 <P>If you have our XDR offering, you can query our database to get details about specific IPs/domains.<BR />Outside of that, I don't believe we offer a mechanism.</P> <P>In any case, if you have other sources you trust say something is malicious, you can add it to your own <A href="https://support.checkpoint.com/results/sk/sk132193" target="_self">IoC Feed</A> or <A href="https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_SecurityManagement_AdminGuide/Content/Topics-SECMG/Network_Feed.htm" target="_self">Network Feed</A> object, irrespective if it is in ThreatCloud.</P> Thu, 28 Nov 2024 06:50:11 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Find-a-IOC-in-checkpoint-database-malicious-IP-domain/m-p/234012#M45329 PhoneBoy 2024-11-28T06:50:11Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Find-a-IOC-in-checkpoint-database-malicious-IP-domain/m-p/236667#M45904 <P>fetched external IOC feeds are stored in&nbsp;/opt/CPsuite-R81.20/fw1/external_ioc/</P> <P>&nbsp;</P> Mon, 23 Dec 2024 10:05:40 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Find-a-IOC-in-checkpoint-database-malicious-IP-domain/m-p/236667#M45904 CheckPointerXL 2024-12-23T10:05:40Z