Hi,
I am looking for documentation on how to configure CloudGuard to have new snort rules uploaded via API. I have some TI snort rules every week and an API to get new rules, but I do not see any function in CloudGuard to automate checking, downloading and applying these rules from a 3rd party. Thank you in advance.
Regards,
Matt
This is covered in the Threat Prevention Admin guide: https://sc1.checkpoint.com/documents/R80.40/WebAdminGuides/EN/CP_R80.40_ThreatPrevention_AdminGuide/...
Note we do not support all snort signature attributes (refer to the manual for precise limitations).
For the signatures to take effect on the gateways, a Threat Prevention policy install will be required.
Thank you @PhoneBoy! This should work, I guess. One more question.
Should adding a file with only this text inside work, or do I need to convert it to JSON?
rule.txt
alert tcp any any -> any any (msg:"Possible exploit"; content:"|90|";)