
Application Control Signature Tool

I'm wondering if anyone out there is using the Application Control Signature Tool referenced in sk103051. Check Point support suggested that I use it to write some custom application signatures for cloud-based websites we use (in our case, ADP and YouEarnedIt).

If other people are using it, I'm wondering if there exists (or is interest in) a public repository of rules for sites that CKPT doesn't support. I figure we shouldn't all have to rewrite rules; we should be able to share them.

6 Replies
Admin

Re: Application Control Signature Tool

Anyone is, of course, welcome to post Application Signatures they've created on CheckMates.

0 Kudos
Employee+

Re: Application Control Signature Tool

One other way to get apps added to the Application Control database is to provide packet captures of the application in use and any other supporting documentation (for off-the-shelf apps). This can be accomplished via a support ticket or through your SE. Feel free to ping me if you have questions.

Re: Application Control Signature Tool

I guess I'll get my SE involved - when I requested the applications through support, they sent me to the tool. They didn't ask me any questions about the applications or offer to help get them identified.

0 Kudos
Employee+

Re: Application Control Signature Tool

Feel free to CC me on those emails.  First initial, last name, at checkpoint dot com.

0 Kudos

Re: Application Control Signature Tool

Thanks Jeff!

One additional question. Some of the traffic is HTTPS. Would we have to have HTTPS inspection enabled in order to get them the traffic captures that they would need?

0 Kudos
Employee+

Re: Application Control Signature Tool

No problem.  Needing the clear traffic is ideal but not always necessary.  It really depends on how granular you want the control to be.  If there are specific features within the application that you would want to monitor/control then you would likely need the clear traffic capture.  Think Facebook Messenger versus regular Facebook.  If not, then there is a chance that we can detect it without.  Hope that makes sense.