Andrew_Rawlinso
Participant

Updatable Objects - Audit changes and contents

Hi,

I have been looking at rolling out Updatable Objects on our firewall policies, specifically for Zscaler at the moment. Is there a way to:

  1. Check in SmartConsole Logs when the Objects are changed/updated?
  2. Interrogate the contents of the Updatable Object on the Gateways themselves?

For context, I have looked at sk131852 (Updatable Objects (checkpoint.com)), sk173416 (How to manage access to external services using Updatable objects - FAQ (checkpoint.com)) and sk161632 (Domains Tool (domains_tool) (checkpoint.com)). The Domains_Tool is useful but only shows that domains are used, not IP addresses.

The admin guide shows the following, but it does not seem to work for me, or I cannot filter enough to see it!:

2024-06-14_11-56-11.jpg
 
The InfoSec team within my Company would like to be able to audit the Updatable Objects periodically to ensure the dynamic access granted is correct and appropriate. Any help on this would be gratefully received,

Thanks
Andy
0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin

You can use domains_tool to show you what IPs are associated with each domain.
The updatable objects are updated from files downloaded to $CPDIR/database/downloads/ONLINE_SERVICES on the gateways.
The original source material for each of the Updatable Objects should be listed here: https://support.checkpoint.com/results/sk/sk131852


0 Kudos
3 Replies
Andrew_Rawlinso
Participant

Thanks for the response. I can see within the "ONLINE_SERVICES" folders all the services listed:

 

42ddf892-8cdd-4fa7-a7ce-7c3356da86b6.jpg

If you "cat" one of these service files you get the complete listing of domains and IPs associated with the services.

2024-06-17_13-48-02.jpg

That should answer everything my infosec colleagues would require, so thanks for the point in the right direction. I appreciate it.

0 Kudos
PhoneBoy
Admin

I figured the source files would probably be the most useful 🙂
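
For the periodic audit asked about in this thread, here is an added example (not from any poster or from Check Point) that records a SHA-256 baseline of the files under the ONLINE_SERVICES directory and reports which files were added, changed or removed since the previous run. It assumes `sha256sum`, `find`, `awk` and `mktemp` are available in the gateway's shell; the function names and the baseline path are hypothetical choices.

```shell
#!/bin/sh
# Added example: change audit for Updatable Object source files.
# Assumes sha256sum, find, awk and mktemp exist in the gateway shell.

# Print "<sha256>  ./<file>" for every regular file under directory $1.
uo_snapshot() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k2 )
}

# Compare snapshot files $1 (old) and $2 (new); print ADDED/CHANGED/REMOVED.
uo_changes() {
    awk '
        { hash = substr($0, 1, 64); path = substr($0, 67) }  # 2-char separator
        FILENAME == ARGV[1] { old[path] = hash; next }
        { seen[path] = 1
          if (!(path in old))          print "ADDED " path
          else if (old[path] != hash)  print "CHANGED " path }
        END { for (p in old) if (!(p in seen)) print "REMOVED " p }
    ' "$1" "$2" | sort
}

# Audit directory $1 against baseline file $2, then roll the baseline forward.
uo_audit() {
    uo_new=$(mktemp) || return 1
    # Keep the old baseline if the directory cannot be read.
    uo_snapshot "$1" > "$uo_new" || { rm -f "$uo_new"; return 1; }
    if [ -f "$2" ]; then
        uo_changes "$2" "$uo_new"
    else
        echo "BASELINE $(( $(wc -l < "$uo_new") ))"
    fi
    mv "$uo_new" "$2"
}

# Usage on a gateway (baseline path is a hypothetical choice):
#   uo_audit "$CPDIR/database/downloads/ONLINE_SERVICES" /var/tmp/uo_baseline.sha256
```

A CHANGED line names the file to re-read with `cat` and compare against the source listed in sk131852.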
