This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
pfilipe
Contributor
‎2022-03-03 01:52 AM
Jump to solution

Importing Indicator Error "Indicator in row 1 has less fields than expected"

Hello,

 

I am trying to Import a External CSV File to Checkpoint Indicators but getting the error "Indicator in row 1 has less fields than expected".

Already tried with Checkpoint examples as seen on https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut.... But no success.

 

Could somone provide me an CSV that works to see what is the correct syntax and to see if i keep getting the error?

 

Best regards.

0 Kudos
2 Solutions

Accepted Solutions
AaronCP
Advisor
‎2022-09-05 12:19 PM
In response to kweiwing_neng
Jump to solution

I am using this exact template for our IOC feed on R81 management

View solution in original post

Preview file
1 KB
(1)
Shiran_Gold
Employee
Employee
‎2022-09-08 04:46 AM
Jump to solution

Hello,

I am happy to see the issue was resolved.

Loading IOC CSV is based on using Check Point's template.

more information can be found in sk132193 

in R81.10 presents new IOC capabilities that allows IOC configuration using a simple menu which will include custom feeds as well

View solution in original post

0 Kudos
14 Replies
the_rock
Legend
Legend
‎2022-03-03 06:54 AM
Jump to solution

You may want to have TAC help you with this, as I saw someone post same problem before on here, but there was no solution. Personally, I had never tried this before, so wont even try give you a suggestion, sorry.

Though, if you can provide me with your CSV file and steps you used to import it, Im happy to try it in my lab and report back.

0 Kudos
pfilipe
Contributor
‎2022-03-03 06:56 AM
In response to the_rock
Jump to solution

Will Open a TAC case then. If i get any developments will post here.

 

Thanks anyway!

0 Kudos
AaronCP
Advisor
‎2022-03-08 09:25 AM
In response to pfilipe
Jump to solution

Hey @pfilipe,

 

Have you had a response from TAC? I'm getting this error when importing an IOC CSV file into R80.40 SmartConsole. Interested to see if TAC have given you any advice/example CSVs.

 

Thanks,

 

Aaron.

0 Kudos
pfilipe
Contributor
‎2022-03-08 09:32 AM
In response to AaronCP
Jump to solution

Hello Aaron,

 

I found the correct Syntax it needs to have all the fields Uniq-Name,value,Type,Confidence,Severity,Product,Comment.

Where Value is the IP/URL/DOMAIN you want to block. Like this!

domain1,google.com,Domain,high,high,AV,Domain

AaronCP
Advisor
‎2022-03-08 09:40 AM
In response to pfilipe
Jump to solution

That's great! Thanks for that 😊

0 Kudos
kweiwing_neng
Participant
‎2022-09-01 02:16 AM
In response to pfilipe
Jump to solution

Hi @pfilipe,

 

Possible could share the csv example template?  Many thanks.

0 Kudos
pfilipe
Contributor
‎2022-09-01 02:32 AM
In response to kweiwing_neng
Jump to solution

Hello,

Yes, this is for hashes for example.
The syntax is Uniq-Name,value,Type,Confidence,Severity,Product,Comment.

Product are AV - Antivirus and AB-AntiBot.

The comment is not Mandatory and can be null. If you want to use an IP for example:

IP1,192.168.1.1,IP,high,high,AB,

Best regards,

PF

Preview file
1 KB
0 Kudos
kweiwing_neng
Participant
‎2022-09-01 02:43 AM
In response to pfilipe
Jump to solution

Hi Pfilipe,

 

Many thanks for the feedback, however was try import the file you gave thru smartconsole still encounter the same error.

Is that any syntax need to add in order to import?

Best Regards,

WScreenshot_1.png

0 Kudos
pfilipe
Contributor
‎2022-09-01 02:59 AM
In response to kweiwing_neng
Jump to solution

That is weird. Because i have the exact same file implemented on a checkpoint in R81.10. Only if checkpoint changed the syntax somehow...

AaronCP
Advisor
‎2022-09-05 12:19 PM
In response to kweiwing_neng
Jump to solution

I am using this exact template for our IOC feed on R81 management

Preview file
1 KB
(1)
kweiwing_neng
Participant
‎2022-09-05 06:26 PM
In response to AaronCP
Jump to solution

@AaronCP 

Many thanks the file, is work perfectly.

0 Kudos
Vimal_ananth
Explorer
‎2025-06-02 02:50 AM
In response to kweiwing_neng
Jump to solution

we got same error that u got we have smart console on remote server have can we resolve this issue

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2022-03-03 07:00 AM
Jump to solution

https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_ThreatPrevention_AdminGuide/...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Shiran_Gold
Employee
Employee
‎2022-09-08 04:46 AM
Jump to solution

Hello,

I am happy to see the issue was resolved.

Loading IOC CSV is based on using Check Point's template.

more information can be found in sk132193 

in R81.10 presents new IOC capabilities that allows IOC configuration using a simple menu which will include custom feeds as well

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events