Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
_khard
Employee Alumnus
Employee Alumnus
Jump to solution

What is the difference between Custom Intelligence feed and Network Feeds ?

What is the difference between Custom Intelligence feed and Network Feeds ?

 

Both are used to push IP/domains which one needs to block without policy installation. 

 

0 Kudos
2 Solutions

Accepted Solutions
PhoneBoy
Admin
Admin

Custom intelligence feeds are basically a block list for AntiVirus/AntiBot Blades, which are required to use this feature.
Network Feeds can be used in the Access Policy (in addition) and only requires Firewall blades.
Neither require a policy push to update.

Regardless of which method you use, if you have a lot of IoCs, R81.20 is a better choice as it supports millions of IoCs.

View solution in original post

(1)
_khard
Employee Alumnus
Employee Alumnus

Thanks @PhoneBoy  for your response. I could see that the Custom Intelligence Feed supports MD5(files) as well; which aren't supported in the external network feeds. 

I think basically if someone has NGFW lic - they could use it in access policy and if someone has NGTP lic - better to use Custom Intelligence Feeds. 

View solution in original post

0 Kudos
9 Replies
the_rock
Legend
Legend

https://support.checkpoint.com/results/sk/sk132193

https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_SecurityManagement_AdminGuid...

I would say biggest difference is that with network feeds, you CAN enforce fqdn, unlike with IOC you cant (not to be confused with International Olympic commitee lol)

Hope that helps.

Andy

 

 

0 Kudos
PhoneBoy
Admin
Admin

Custom intelligence feeds are basically a block list for AntiVirus/AntiBot Blades, which are required to use this feature.
Network Feeds can be used in the Access Policy (in addition) and only requires Firewall blades.
Neither require a policy push to update.

Regardless of which method you use, if you have a lot of IoCs, R81.20 is a better choice as it supports millions of IoCs.

(1)
the_rock
Legend
Legend

Correct me if Im wrong when I say this, but dont you need a rule like below to take full advantage of IOC or is just having them in smart console enough?

Andy

 

Screenshot_1.png

0 Kudos
PhoneBoy
Admin
Admin

Custom Intelligence Feeds are treated as "block" in AntiVirus/Anti-Bot blades.
There is no other configuration required in SmartConsole.

0 Kudos
the_rock
Legend
Legend

K, so just to make sure Im not missing anything...are you saying IF av blade is enabled on the firewall, and also on TP profile, then generic data center objects dont need to be added to any security rule?

Andy

 

Screenshot_1.png

0 Kudos
Chris_Atkinson
Employee Employee
Employee

Generic data centre objects are used differently from IOC feeds.

CCSM R77/R80/ELITE
0 Kudos
the_rock
Legend
Legend

Thanks Chris, I was confusing some things here, long night last night troubleshooting Cisco switch lol

Anyway, I think Im good now...have a nice weekend mate.

Andy

_khard
Employee Alumnus
Employee Alumnus

Thanks @PhoneBoy  for your response. I could see that the Custom Intelligence Feed supports MD5(files) as well; which aren't supported in the external network feeds. 

I think basically if someone has NGFW lic - they could use it in access policy and if someone has NGTP lic - better to use Custom Intelligence Feeds. 

0 Kudos
the_rock
Legend
Legend

That makes sense.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events