Lnawara
Explorer

R81 Take 36 IOC feeds

When I enable a custom IOC feed, I can see drops with a packet capture, but no drops are showing in the SmartView logs. Any idea why nothing is showing in the logs?

Policy is pushed to the he’s.

PhoneBoy
Admin

There are several ways to do this.
What precise method are you using to bring in the IOCs?

larryn
Employee

PhoneBoy,

 I am using sk132193  

ioc_feeds add --feed_name remote_csv_feed --transport http --resource "http://10.10.1.100/ioc/ioc_csv_file.csv" --feed_action Prevent

to install the feed, and ioc_feeds show shows that it is installed. But I cannot see the drops in the SmartView logs. Since this is a custom feed, I need to see the drops just in case an incorrect IP was added to the block list. Unfortunately the logs are not showing drops.

Also, it works just fine with http but is not working with https.

PhoneBoy
Admin

I think you can fix the issue with HTTPS using: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
As for how ioc_feeds show up in drop logs, @TP_Master any comments on that?

larryn
Employee

PhoneBoy,

I am able to get the cert installed. Still trying to figure out why http works and https drops the packets and nothing shows in the logs. 

PhoneBoy
Admin

Sounds like this may need a TAC case.
