R81 Take 36 IOC feeds
When I enable a custom IOC feed, I can see drops with a packet capture but no drops are showing in SmartView logs. Any idea why nothing is showing in the logs?
Policy is pushed to the he’s.
There are several ways to do this.
What precise method are you using to bring in the IOCs?
PhoneBoy,
I am using sk132193
ioc_feeds add --feed_name remote_csv_feed --transport http --resource "http://10.10.1.100/ioc/ioc_csv_file.csv" --feed_action Prevent
to install the feed, and ioc_feeds show shows that it is installed. But I cannot see the drops in the SmartView logs. Since this is a custom feed, I need to see the drops just in case an incorrect IP was added to the block list. Unfortunately the logs are not showing drops.
Also, it works just fine with http but is not working with https.
I think you can fix the issue with HTTPS using: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
As for how ioc_feeds show up in drop logs, @TP_Master, any comments on that?
PhoneBoy,
I am able to get the cert installed. Still trying to figure out why http works and https drops the packets and nothing shows in the logs.
Sounds like this may need a TAC case.