This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Javier002
Participant
‎2021-06-14 03:20 AM
Jump to solution

How to assign a group of filtered signatures to Profile IPS /TP?

Hello,

I´m trying to create a Threat profile that only contains a group of selected signatures with: Threat Year > 2015 AND Confidence Level = Hight AND Severity = Critical, High. Is this possible? Because you can filter with those parameters but I can´t find how to create a profile filtering with them.

Thanks in advance.

0 Kudos
1 Solution

Accepted Solutions
G_W_Albrecht
Legend Legend
Legend
‎2021-06-14 07:54 AM
Jump to solution

First, set the General Policy as wanted. I suggest not to use Detect in Activation Mode:

policy.PNG

Then, instead of activating selected signatures with: Threat Year > 2015 only, just deactivate all signatures with: Threat Year < 2016:

additional.PNG

With Protections to Activate Any you can be sure to get all the newest protections activated (if they fall into your General Profile). As there is no Year: 2021 you would not get newer protections than 2020 activated if you use a Threat Year list here...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

View solution in original post

0 Kudos
1 Reply
G_W_Albrecht
Legend Legend
Legend
‎2021-06-14 07:54 AM
Jump to solution

First, set the General Policy as wanted. I suggest not to use Detect in Activation Mode:

policy.PNG

Then, instead of activating selected signatures with: Threat Year > 2015 only, just deactivate all signatures with: Threat Year < 2016:

additional.PNG

With Protections to Activate Any you can be sure to get all the newest protections activated (if they fall into your General Profile). As there is no Year: 2021 you would not get newer protections than 2020 activated if you use a Threat Year list here...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events