Dario1
Participant

Sandblast force quick update

Afternoon gents, I have been playing with Threat Emulation (SandBlast) and also looked at the R81 TP admin guide, but probably not as much as I should have. At the moment the Image update or the Detection Rules update isn't happening (see the pic attached). I had to play with the Internet access policy to make sure TP updates are allowed, which they are now. The two curl commands below now return a successful response.

"the two curl commands format not allowed in this post I had to remove it."

 

Is there any way of forcing the Image and the Detection Rules update rather than having to wait for the scheduled update to kick in tonight?

Is there a definitive list of Threat Emulation & Extraction FQDNs we need to allow out in order for TP to update with confidence?

 

Thanks for your help again.

Accepted Solutions
PhoneBoy
Admin

Using the Check Point Services Dynamic Object is a surefire way to allow access to the relevant resources.
For a specific list related to Harmony Endpoint, see: https://support.checkpoint.com/results/sk/sk116590 

Chris_Atkinson
Employee

Option 1: CLI commands

Trigger:
tecli advanced downloads ... = downloads actions
tecli advanced downloads update ... = initiates Threat Emulation engine update
tecli advanced downloads update all = Threat Emulation engine update of all components
tecli advanced downloads update images = Threat Emulation update of images
tecli advanced downloads update rules = Threat Emulation engine update of malware detection and static analysis rules (sk117672)
tecli advanced downloads update file types map = mapping of file types to real extension used in Windows OS
tecli advanced downloads update raw = Threat Emulation engine update of raw files (engine binary updates)

Verify:
tecli advanced engine version = displays the engine version
tecli show downloads all = status of all downloads

Option 2: Offline Update

sk92509 - Offline updates for Threat Emulation images and engine

CCSM R77/R80/ELITE

Dario1
Participant

PhoneBoy & Chris, thank you boys, really appreciate it; that answers both of my queries with flying colours. I now got the full list of update URLs as well as a list of commands to invoke TP updates. Many thanks.
