Jake_Williams
Participant

Application Control Signature Tool

I'm wondering if anyone out there is using the Application Control Signature Tool referenced in sk103051. Checkpoint support suggested that I use it to write some custom application signatures for cloud-based websites we use (in our case, ADP and YouEarnedIt). 

If other people are using it, I'm wondering if there exists (or is interest in) a public repository of rules for sites that CKPT doesn't support. I figure we shouldn't all have to rewrite rules, we should be able to share them.

6 Replies
PhoneBoy
Admin

Anyone is, of course, welcome to post Application Signatures they've created on CheckMates.

0 Kudos
Jeff_Engel
Employee

One other way to get apps added to the Application Control database is to provide packet captures of the application in use and any other supporting documentation (for off-the-shelf apps). This can be accomplished via a support ticket or through your SE. Feel free to ping me if you have questions.

Jake_Williams
Participant

I guess I'll get my SE involved - when I requested the applications through support, they sent me to the tool. They didn't ask me any questions about the applications or offer to help get them identified.

0 Kudos
Jeff_Engel
Employee

Feel free to CC me on those emails.  First initial, last name, at checkpoint dot com.

0 Kudos
Jake_Williams
Participant

Thanks Jeff!

One additional question. Some of the traffic is HTTPS; would we have to have HTTPS inspection enabled in order to get them the traffic captures that they would need?

0 Kudos
Jeff_Engel
Employee

No problem.  Needing the clear traffic is ideal but not always necessary.  It really depends on how granular you want the control to be.  If there are specific features within the application that you would want to monitor/control then you would likely need the clear traffic capture.  Think Facebook Messenger versus regular Facebook.  If not, then there is a chance that we can detect it without.  Hope that makes sense.
