It's Here!
CPX 360 2021 Content
Check Point Harmony
Highest Level of Security for Remote Users
Important certificate update to CloudGuard Controller, CME,
and Azure HA Security Gateways
Advanced Protection for
Small and Medium Business
Secure Endpoints from
the Sunburst Attack
Important! R80 and R80.10
End Of Support around the corner (May 2021)
Hi,
I am looking for the documentation where I can be able to configure CloudGuard to have new snort rules uploaded via API. I have some TI snort rules every week and API to get new rules but I do not see any function in CloudGuard to have it automated to check, download and apply these rules from 3rd part. Thank you in advance.
Regards,
Matt
PhoneBoy
This is covered in the Threat Prevention Admin guide: https://sc1.checkpoint.com/documents/R80.40/WebAdminGuides/EN/CP_R80.40_ThreatPrevention_AdminGuide/...
Note we do not support all snort signature attributes (refer to manual for precise limitations).
For the signatures to take effect on the gateways, a Threat Prevention policy install will be required.
Thank you @PhoneBoy ! This should works I guess. One question more.
Adding a file with this text inside only should works or I need to convert it to a json?
rule.txt
alert tcp any any -> any any (msg:"Possible exploit"; content:"|90|";)
About CheckMates
Learn Check Point
Advanced Learning
WELCOME TO THE FUTURE OF CYBER SECURITY