This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Varun_Arora
Explorer
‎2017-07-01 10:28 PM

Does 61000 support custom Threat indicators in any version

Threat Prevention has a option to add custom indicators from R77.20 and above. However, 61000 versions are R76SP.X. Does 61000 support the deployment of custom indicators in any version. We are running 61000 in R76SP.40 in VSX mode.

0 Kudos
6 Replies
PhoneBoy
Admin
Admin
‎2017-07-02 10:09 PM

The next major release for the Scalable Platforms is expected to be based on R80 and thus should support this functionality. 

Meanwhile, I would engage with your Check Point SE to discuss your specific requirements to see what can be done in the meantime.

Moti
Admin
Admin
‎2017-07-02 10:11 PM

Gera Dorfman , can't it be done maybe with a custom sig (snort ?) ?

0 Kudos
Gera_Dorfman
Employee
Employee
‎2017-07-03 01:29 AM
In response to Moti

As Dameon mentioned, we plan to align features set of Scalable Platform with R80.X. 

Regarding the specific requirement, we need to understand which exact indicators are planned and see if meanwhile it can be achieved with SNORT. 

0 Kudos
Varun_Arora
Explorer
‎2017-07-03 02:00 AM
In response to Gera_Dorfman

Hi Gera, we are looking for simple IOC blocking with Md5 or IP Address for the prevention using Threat Indicators. Sample is shown below:

#UNIQ-NAMEVALUETYPECONFIDENCESEVERITYPRODUCT
HOST107.181.174.34107.181.174.34IPHighAB
HOST10.10.10.2010.10.10.20IPHighAV
file123680e480e13981a4d96f7ed72f35c7fMD5LowAV
0 Kudos
PhoneBoy
Admin
Admin
‎2017-07-03 10:21 AM
In response to Varun_Arora

You may able to leverage Private ThreatCloud to do the file hashes today, not 100% sure on IPs.

Either way, I recommend engaging your Check Point SE. 

0 Kudos
Gera_Dorfman
Employee
Employee
‎2017-07-03 11:27 AM
In response to Varun_Arora

SNORT rules would be tricky and not optimal for such requirement.

Meanwhile you can use fast packet drop feature - note that the configuration is on the gateway and not on the management. 

Check Fast Packet Drop feature in 61k Admin Guide

http://dl3.checkpoint.com/paid/71/71ae92768b018816ab82d91d3b361345/CP_R76SP.30_Security_System_Admin... 

In any case, please engage your Check Point SE. 

0 Kudos