https://community.checkpoint.com/t5/Firewall-and-Security-Management/Does-61000-support-custom-Threat-indicators-in-any-version/m-p/3886#M59413 <HTML><HEAD></HEAD><BODY><P>SNORT rules would be tricky and not optimal for such requirement.</P><P>Meanwhile you can use fast packet drop feature - note that the configuration is on the gateway and not on the management.&nbsp;</P><P>Check Fast Packet Drop feature in 61k Admin Guide</P><P><A class="link-titled" href="http://dl3.checkpoint.com/paid/71/71ae92768b018816ab82d91d3b361345/CP_R76SP.30_Security_System_AdministrationGuide.pdf?HashKey=1499113431_bb90c391e1e45ddd1ac3c4c590fcabee&amp;xtn=.pdf" title="http://dl3.checkpoint.com/paid/71/71ae92768b018816ab82d91d3b361345/CP_R76SP.30_Security_System_AdministrationGuide.pdf?HashKey=1499113431_bb90c391e1e45ddd1ac3c4c590fcabee&amp;xtn=.pdf">http://dl3.checkpoint.com/paid/71/71ae92768b018816ab82d91d3b361345/CP_R76SP.30_Security_System_AdministrationGuide.pdf?H…</A>&nbsp;</P><P></P><P>In any case, please engage your Check Point SE.&nbsp;</P></BODY></HTML> Mon, 03 Jul 2017 18:27:08 GMT Gera_Dorfman 2017-07-03T18:27:08Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Does-61000-support-custom-Threat-indicators-in-any-version/m-p/3880#M59407 <HTML><HEAD></HEAD><BODY><P>Threat Prevention has a option to add custom indicators from R77.20 and above. However, 61000 versions are R76SP.X. Does 61000 support the deployment of custom indicators in any version. We are running 61000 in R76SP.40 in VSX mode.</P></BODY></HTML> Sun, 02 Jul 2017 05:28:47 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Does-61000-support-custom-Threat-indicators-in-any-version/m-p/3880#M59407 Varun_Arora 2017-07-02T05:28:47Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Does-61000-support-custom-Threat-indicators-in-any-version/m-p/3881#M59408 <HTML><HEAD></HEAD><BODY><P>The next major release for the Scalable Platforms is expected to be based on R80 and thus should support this functionality.&nbsp;</P><P>Meanwhile, I would engage with your Check Point SE to discuss your specific requirements to see what can be done in the meantime.</P></BODY></HTML> Mon, 03 Jul 2017 05:09:23 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Does-61000-support-custom-Threat-indicators-in-any-version/m-p/3881#M59408 PhoneBoy 2017-07-03T05:09:23Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Does-61000-support-custom-Threat-indicators-in-any-version/m-p/3882#M59409 <HTML><HEAD></HEAD><BODY><P class=""><A _jive_internal="true" class="jive-link-profile-small jive_macro jive_macro_user" href="https://community.checkpoint.com/people/gerad5da845f9-9584-48cf-9a5f-e26b6b227890">Gera Dorfman&nbsp;</A>, can't it be done maybe with a custom sig (snort ?) ?</P></BODY></HTML> Mon, 03 Jul 2017 05:11:51 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Does-61000-support-custom-Threat-indicators-in-any-version/m-p/3882#M59409 Moti 2017-07-03T05:11:51Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Does-61000-support-custom-Threat-indicators-in-any-version/m-p/3883#M59410 <HTML><HEAD></HEAD><BODY><P>As Dameon mentioned, we plan to align features set of Scalable Platform with R80.X.&nbsp;</P><P>Regarding the specific requirement, we need to understand which exact indicators are planned and see if meanwhile it can be achieved with SNORT.&nbsp;</P></BODY></HTML> Mon, 03 Jul 2017 08:29:10 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Does-61000-support-custom-Threat-indicators-in-any-version/m-p/3883#M59410 Gera_Dorfman 2017-07-03T08:29:10Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Does-61000-support-custom-Threat-indicators-in-any-version/m-p/3884#M59411 <HTML><HEAD></HEAD><BODY><P>Hi Gera, we are looking for simple IOC blocking with Md5 or IP Address for the prevention using Threat Indicators. Sample is shown below:</P><TABLE style="border-collapse: collapse; width: 338pt;" width="451"><TBODY><TR style="height: 15.0pt;"><TD height="20" style="width: 98pt; height: 15.0pt;" width="131">#UNIQ-NAME</TD><TD style="width: 48pt;" width="64">VALUE</TD><TD style="width: 48pt;" width="64">TYPE</TD><TD style="width: 48pt;" width="64">CONFIDENCE</TD><TD style="width: 48pt;" width="64">SEVERITY</TD><TD style="width: 48pt;" width="64">PRODUCT</TD></TR><TR style="height: 15.0pt;"><TD height="20" style="height: 15.0pt;">HOST107.181.174.34</TD><TD>107.181.174.34</TD><TD>IP</TD><TD></TD><TD>High</TD><TD>AB</TD></TR><TR style="height: 15.0pt;"><TD height="20" style="height: 15.0pt;">HOST10.10.10.20</TD><TD>10.10.10.20</TD><TD>IP</TD><TD></TD><TD>High</TD><TD>AV</TD></TR><TR style="height: 15.0pt;"><TD height="20" style="height: 15.0pt;">file1</TD><TD>23680e480e13981a4d96f7ed72f35c7f</TD><TD>MD5</TD><TD></TD><TD>Low</TD><TD>AV</TD></TR></TBODY></TABLE></BODY></HTML> Mon, 03 Jul 2017 09:00:57 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Does-61000-support-custom-Threat-indicators-in-any-version/m-p/3884#M59411 Varun_Arora 2017-07-03T09:00:57Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Does-61000-support-custom-Threat-indicators-in-any-version/m-p/3885#M59412 <HTML><HEAD></HEAD><BODY><P>You may able to leverage Private ThreatCloud to do the file hashes today, not 100% sure on IPs.</P><P>Either way, I recommend engaging your Check Point SE.&nbsp;</P></BODY></HTML> Mon, 03 Jul 2017 17:21:53 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Does-61000-support-custom-Threat-indicators-in-any-version/m-p/3885#M59412 PhoneBoy 2017-07-03T17:21:53Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Does-61000-support-custom-Threat-indicators-in-any-version/m-p/3886#M59413 <HTML><HEAD></HEAD><BODY><P>SNORT rules would be tricky and not optimal for such requirement.</P><P>Meanwhile you can use fast packet drop feature - note that the configuration is on the gateway and not on the management.&nbsp;</P><P>Check Fast Packet Drop feature in 61k Admin Guide</P><P><A class="link-titled" href="http://dl3.checkpoint.com/paid/71/71ae92768b018816ab82d91d3b361345/CP_R76SP.30_Security_System_AdministrationGuide.pdf?HashKey=1499113431_bb90c391e1e45ddd1ac3c4c590fcabee&amp;xtn=.pdf" title="http://dl3.checkpoint.com/paid/71/71ae92768b018816ab82d91d3b361345/CP_R76SP.30_Security_System_AdministrationGuide.pdf?HashKey=1499113431_bb90c391e1e45ddd1ac3c4c590fcabee&amp;xtn=.pdf">http://dl3.checkpoint.com/paid/71/71ae92768b018816ab82d91d3b361345/CP_R76SP.30_Security_System_AdministrationGuide.pdf?H…</A>&nbsp;</P><P></P><P>In any case, please engage your Check Point SE.&nbsp;</P></BODY></HTML> Mon, 03 Jul 2017 18:27:08 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Does-61000-support-custom-Threat-indicators-in-any-version/m-p/3886#M59413 Gera_Dorfman 2017-07-03T18:27:08Z