Varun_Arora
Explorer

Does 61000 support custom Threat indicators in any version?

Threat Prevention has an option to add custom indicators from R77.20 and above. However, 61000 versions are R76SP.X. Does 61000 support the deployment of custom indicators in any version? We are running 61000 in R76SP.40 in VSX mode.

6 Replies
PhoneBoy
Admin

The next major release for the Scalable Platforms is expected to be based on R80 and thus should support this functionality. 

Meanwhile, I would engage with your Check Point SE to discuss your specific requirements to see what can be done in the meantime.

Moti
Admin

Gera Dorfman, can't it be done maybe with a custom sig (snort?)?

Gera_Dorfman
Employee

As Dameon mentioned, we plan to align the feature set of Scalable Platform with R80.X.

Regarding the specific requirement, we need to understand which exact indicators are planned and see if meanwhile it can be achieved with SNORT. 

Varun_Arora
Explorer

Hi Gera, we are looking for simple IOC blocking with MD5 or IP address for prevention using Threat Indicators. A sample is shown below:

#UNIQ-NAMEVALUETYPECONFIDENCESEVERITYPRODUCT
HOST107.181.174.34107.181.174.34IPHighAB
HOST10.10.10.2010.10.10.20IPHighAV
file123680e480e13981a4d96f7ed72f35c7fMD5LowAV
PhoneBoy
Admin

You may be able to leverage Private ThreatCloud to do the file hashes today, not 100% sure on IPs.

Either way, I recommend engaging your Check Point SE. 

Gera_Dorfman
Employee

SNORT rules would be tricky and not optimal for such a requirement.

Meanwhile you can use the fast packet drop feature - note that the configuration is on the gateway and not on the management.

Check Fast Packet Drop feature in 61k Admin Guide

http://dl3.checkpoint.com/paid/71/71ae92768b018816ab82d91d3b361345/CP_R76SP.30_Security_System_Admin... 

In any case, please engage your Check Point SE. 
