LUCAM
Participant

IOC Feeds on Quantum Spark R81

Hi,

In my Quantum Spark 1500 series I'm trying to add some custom IOC feeds; in particular I'm trying to add this:

https://secureupdates.checkpoint.com/IP-list/TOR.txt

I looked at these articles:

https://support.checkpoint.com/results/sk/sk132193

https://support.checkpoint.com/results/sk/sk103154

but when adding the feed in CLI expert mode I always receive "Illegal characters in command":

CHECKPOINT> ioc_feeds add --feed_name remote_feed --transport https --resource "https://secureupdates.checkpoint.com/IP-list/TOR.txt"
Illegal characters in command

I also tried adding the CSV feeds found in sk132193, but I always get the same error.

Can you help me see where I am going wrong?

Thank you


Accepted Solutions
Chris_Atkinson
Employee

I have a customer with something similar working. What firmware version/build are you using?

R81.10.10 Build 996002906 (or higher)

SMBGWY-8631 Firewall New Feature: In the ioc_feeds command on a Centrally Managed Gateway, added support for IoC Feed from a custom CSV format.

Supported IoC types: IP Address, Domain Name, MD5 Hash, SHA1 Hash, SHA256 Hash.

CCSM R77/R80/ELITE

LUCAM
Participant

Model: 1530 Appliance

Version: R81.10.10 (996002993)

LUCAM
Participant

I confirm it works fine, thank you Chris.

LUCAM
Participant

I have a new question about this topic 😀😀

Now I have the IOC feeds configured as shown in attached file.

Even if the tor list is active and in prevent, I did some tests and I am able to reach some services behind the SMB through the Tor network.

Did I miss some configurations?

 

thank you

PhoneBoy
Admin
Admin

Did you confirm the source IP of the communication is covered in those lists?
Suggest also engaging TAC.

LUCAM
Participant

Yes, the IPv4 is covered in the list.

I will contact TAC.

Thank you
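
The check suggested in the thread (is the connecting source IP actually covered by the configured feed?) can be done offline against a saved copy of the feed. This is an added example, not part of the original posts and not Check Point tooling; it assumes a plain-text feed with one IP address or CIDR per line and `#` comments, and the sample feed and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample feed using documentation address ranges (not real feed content).
# Assumed format: one IP or CIDR per line, '#' starts a comment.
SAMPLE_FEED = """\
# constructed sample, one entry per line
192.0.2.10
198.51.100.0/24
2001:db8::1

not-an-ip
203.0.113.7   # trailing comment
"""

def parse_feed(text):
    """Return (networks, rejected) where rejected holds (line_no, raw_line)."""
    networks, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue  # blank line or comment-only line
        try:
            # strict=False accepts entries with host bits set, e.g. 198.51.100.5/24
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            rejected.append((lineno, raw))  # surface malformed lines, don't hide them
    return networks, rejected

def normalise(addr):
    """Parse a source address; unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) to IPv4."""
    ip = ipaddress.ip_address(addr.strip())
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip

def covering_entries(addr, networks):
    """Feed entries that contain addr; an empty list means the feed does not cover it."""
    ip = normalise(addr)
    return [n for n in networks if n.version == ip.version and ip in n]

def audit(sources, feed_text):
    """Map each source IP (e.g. taken from gateway logs) to the entries covering it."""
    networks, _ = parse_feed(feed_text)
    return {s: [str(n) for n in covering_entries(s, networks)] for s in sources}

if __name__ == "__main__":
    for src, hits in audit(["198.51.100.23", "192.0.2.11"], SAMPLE_FEED).items():
        print(src, "covered by", hits if hits else "nothing in feed")
```

A source that maps to an empty list would not be matched by the feed at all, which separates a feed-coverage gap from a gateway enforcement question to raise with TAC.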
