This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
unleashed
Explorer
‎2024-06-16 01:03 PM

issue with manual IOC

hi 

we configured a policy to block IOCs. IP objects and domain objects. we encounter a wired behavior that, randomly, Check Point blocks legitimate IP addresses. 

for example, we have added domain marl.com in the domain object to be blocked. Suddenly CP block google DNS 8.8.8.8, when we check the logs, it shows that 8.8.8.8 blocked because it's belonging to domain marl.com which is already added in IOC object. however, when we resolve the domain marl.com on the gateway it shows IP is 172.35.*. * 

any clue why this happened?

Thanks,

Labels
0 Kudos
2 Replies
PhoneBoy
Admin
Admin
‎2024-06-17 04:30 PM

The Occam's Razor answer is that it appears that, at least briefly, marl.com did resolve to 8.8.8.8.
Why that happened would likely require further investigation.

0 Kudos
the_rock
Legend
Legend
‎2024-06-17 08:07 PM

Might need TAC case to check this further.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top