_khard
Employee

What is the difference between Custom Intelligence feed and Network Feeds ?


Both are used to push IP/domains which one needs to block without policy installation. 

 


Accepted Solutions
PhoneBoy
Admin

Custom Intelligence Feeds are basically a block list for the AntiVirus/Anti-Bot blades, which are required to use this feature.
Network Feeds can be used in the Access Policy (in addition) and only require Firewall blades.
Neither requires a policy push to update.

Regardless of which method you use, if you have a lot of IoCs, R81.20 is a better choice as it supports millions of IoCs.

_khard
Employee

Thanks @PhoneBoy for your response. I could see that the Custom Intelligence Feed supports MD5 (files) as well, which aren't supported in the external network feeds.

I think basically if someone has an NGFW license, they could use it in the access policy, and if someone has an NGTP license, it is better to use Custom Intelligence Feeds.

9 Replies
the_rock
Legend

https://support.checkpoint.com/results/sk/sk132193

https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_SecurityManagement_AdminGuid...

I would say the biggest difference is that with network feeds you CAN enforce FQDN, unlike with IOC, where you can't (not to be confused with the International Olympic Committee lol).

Hope that helps.

Andy

the_rock
Legend

Correct me if I'm wrong when I say this, but don't you need a rule like below to take full advantage of IOC, or is just having them in SmartConsole enough?

Andy

 

Screenshot_1.png

PhoneBoy
Admin

Custom Intelligence Feeds are treated as "block" in AntiVirus/Anti-Bot blades.
There is no other configuration required in SmartConsole.

the_rock
Legend

K, so just to make sure I'm not missing anything... are you saying IF the AV blade is enabled on the firewall, and also on the TP profile, then generic data center objects don't need to be added to any security rule?

Andy

 

Screenshot_1.png

Chris_Atkinson
Employee

Generic data centre objects are used differently from IOC feeds.

CCSM R77/R80/ELITE
the_rock
Legend

Thanks Chris, I was confusing some things here, long night last night troubleshooting Cisco switch lol

Anyway, I think I'm good now... have a nice weekend mate.

Andy

the_rock
Legend

That makes sense.
