- Products
- Learn
- Local User Groups
- Partners
- More
Check Point Jump-Start Online Training
Now Available on CheckMates for Beginners!
Why do Hackers Love IoT Devices so Much?
Join our TechTalk on Aug 17, at 5PM CET | 11AM EST
Welcome to Maestro Masters!
Talk to Masters, Engage with Masters, Be a Maestro Master!
ZTNA Buyer’s Guide
Zero Trust essentials for your most valuable assets
The SMB Cyber Master
Boost your knowledge on Quantum Spark SMB gateways!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
CheckFlix!
All Videos In One Space
Threat Prevention has a option to add custom indicators from R77.20 and above. However, 61000 versions are R76SP.X. Does 61000 support the deployment of custom indicators in any version. We are running 61000 in R76SP.40 in VSX mode.
The next major release for the Scalable Platforms is expected to be based on R80 and thus should support this functionality.
Meanwhile, I would engage with your Check Point SE to discuss your specific requirements to see what can be done in the meantime.
Gera Dorfman , can't it be done maybe with a custom sig (snort ?) ?
As Dameon mentioned, we plan to align features set of Scalable Platform with R80.X.
Regarding the specific requirement, we need to understand which exact indicators are planned and see if meanwhile it can be achieved with SNORT.
Hi Gera, we are looking for simple IOC blocking with Md5 or IP Address for the prevention using Threat Indicators. Sample is shown below:
#UNIQ-NAME | VALUE | TYPE | CONFIDENCE | SEVERITY | PRODUCT |
HOST107.181.174.34 | 107.181.174.34 | IP | High | AB | |
HOST10.10.10.20 | 10.10.10.20 | IP | High | AV | |
file1 | 23680e480e13981a4d96f7ed72f35c7f | MD5 | Low | AV |
You may able to leverage Private ThreatCloud to do the file hashes today, not 100% sure on IPs.
Either way, I recommend engaging your Check Point SE.
SNORT rules would be tricky and not optimal for such requirement.
Meanwhile you can use fast packet drop feature - note that the configuration is on the gateway and not on the management.
Check Fast Packet Drop feature in 61k Admin Guide
In any case, please engage your Check Point SE.
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY