This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Dario1
Participant
‎2023-02-16 09:21 AM
Jump to solution

Sandblast force quick update

Afternoon gents,  I have been playing with Threat Emulation (Sandblast) also looked at the R81 TP admin guide but probably not as much as I should have.  At the moment Image update or the Detection Rules update isnt  happening (see the pic attached) I had to play with the Internet access policy to make sure TP updates are allowed which they are now.  The two curl commands below now return successful response.

"the two curl commands format not allowed in this post I had to remove it."

 

Is there any way of forcing the Image and the detection rules update rather then having to wait for the scheduled update to kick in tonight?

Is there a definitive list of Threat Emulation & Extraction FQDN's we need to allow out in order for TP to update with confidence.

 

thanks for your help again.

 

 

Preview file
28 KB
0 Kudos
2 Solutions

Accepted Solutions
PhoneBoy
Admin
Admin
‎2023-02-16 10:18 AM
Jump to solution

Using the Check Point Services Dynamic Object is a surefire way to allow access to the relevant resources.
For a specific list related to Harmony Endpoint, see: https://support.checkpoint.com/results/sk/sk116590 

View solution in original post

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2023-02-16 03:13 PM
Jump to solution

Option 1: CLI commands

Trigger:
tecli advanced downloads ... = downloads actions
tecli advanced downloads update ... = initiates Threat Emulation engine update
tecli advanced downloads update all = Threat Emulation engine update of all components
tecli advanced downloads update images = Threat Emulation update of images
tecli advanced downloads update rules = Threat Emulation engine update of malware detection and static analysis rules (sk117672)
tecli advanced downloads update file types map = mapping of file types to real extension used in Windows OS
tecli advanced downloads update raw = Threat Emulation engine update of raw files (engine binary updates)

Verify:
tecli advanced engine version = displays the engine version
tecli show downloads all = status of all downloads

Option 2: Offline Update

sk92509 - Offline updates for Threat Emulation images and engine

CCSM R77/R80/ELITE

View solution in original post

0 Kudos
3 Replies
PhoneBoy
Admin
Admin
‎2023-02-16 10:18 AM
Jump to solution

Using the Check Point Services Dynamic Object is a surefire way to allow access to the relevant resources.
For a specific list related to Harmony Endpoint, see: https://support.checkpoint.com/results/sk/sk116590 

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2023-02-16 03:13 PM
Jump to solution

Option 1: CLI commands

Trigger:
tecli advanced downloads ... = downloads actions
tecli advanced downloads update ... = initiates Threat Emulation engine update
tecli advanced downloads update all = Threat Emulation engine update of all components
tecli advanced downloads update images = Threat Emulation update of images
tecli advanced downloads update rules = Threat Emulation engine update of malware detection and static analysis rules (sk117672)
tecli advanced downloads update file types map = mapping of file types to real extension used in Windows OS
tecli advanced downloads update raw = Threat Emulation engine update of raw files (engine binary updates)

Verify:
tecli advanced engine version = displays the engine version
tecli show downloads all = status of all downloads

Option 2: Offline Update

sk92509 - Offline updates for Threat Emulation images and engine

CCSM R77/R80/ELITE
0 Kudos
Dario1
Participant
‎2023-02-17 01:44 AM
In response to Chris_Atkinson
Jump to solution

PhoneBoy & Chris thank you boys really appreciate it, that answers both of my queries with flying colours. I now got the full list of update URL's as well as a list of commands to invoke TP updates. Many thanks.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events