Showing results for 
Search instead for 
Did you mean: 
Create a Post

How to extract imported indicator files


How can i extract imported csv indicator files from device or can i take their reports ?



Tags (1)
2 Replies

Re: How to extract imported indicator files

See sk92264:


  • User adds his indicator file which can be either CSV file or STIX formatted file.
  • SmartConsole does basic validation for this file, for example it checks that the file is not empty and that CSV file is in the expected format.
  • When uploading a file to SmartConsole, an XML file is generated for displaying purposes only.
  • Security Management server gives an unique UUID for each Indicator file in the system.

Code Generation

  1. Prepares IOC metadata as a new fwset object called "indicators". This set contains each indicator's filename, SDB name, uuid, etc.
  2. Creates a zip file with all the indicator files themselves. 

So, if you did add an indicator file, better save a backup - there is no export or report possibility available as you did generate the csv yourself...

0 Kudos

Re: How to extract imported indicator files

In R80.20.M1, you should be able to use the API to see the Threat Indicators.

See: Check Point - Management API reference: show threat-indicators 

0 Kudos