Hllrdm
Participant

Threat Indicators


We added the Threat Indicator to R80.40 through the SmartConsole, by exporting a CSV file.
How do we find information through ssh GAIA about which Indicators are currently installed on the cluster? We have tried using the ioc_feeds show command, but we get the output:
There are no existing feeds

Total number of feeds: 0
Active feeds: 0


Searching through the file we messed up through the SmartConsole didn't help either. Please help me find our Indicator in Gaia so that we can be sure that the Indicators have been installed on the cluster.


0 Kudos
2 Replies
Timothy_Hall
Champion

I don't know an easy way to dump the list of patterns/signatures being enforced by the gateway, but you could try giving your custom indicator a unique name, install policy to the gateway, then try to grep for the name of the custom indicator out on the gateway where it has its compiled policy cached like this:

grep -i  indicatorname  $FWDIR/state/local/FW1/*

grep -i  indicatorname  $FWDIR/state/local/AMW/*

Watch My 2023 CPX360 Speech Titled "Max Power
Reloaded: R81+ Gateway Performance Innovations"
0 Kudos
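
An added example, not part of the reply above and not Check Point tooling: it extends the suggested grep to every indicator name in the imported CSV and reports which names turn up in the cached policy directories. The function name `check_indicators` is hypothetical, and it assumes the indicator name is the first comma-separated column and that lines starting with `#` are header lines.

```shell
#!/bin/sh
# Usage on the gateway (paths taken from the reply above):
#   check_indicators ioc.csv "$FWDIR/state/local/FW1" "$FWDIR/state/local/AMW"
# Prints one line per indicator: "FOUND   <name>  <first matching file>"
# or "MISSING <name>". Returns 0 only if every name was found.
check_indicators() {
    if [ "$#" -lt 2 ]; then
        echo "usage: check_indicators CSV DIR [DIR...]" >&2
        return 2
    fi
    csv=$1
    shift
    missing=0
    # Assumption: column 1 holds the unique indicator name.
    # The "|| [ -n ... ]" part keeps a last line that lacks a trailing newline.
    while IFS=, read -r name rest || [ -n "$name" ]; do
        # Drop CRs and quotes left by spreadsheet exports, then trim blanks.
        name=$(printf '%s' "$name" | tr -d '\r"' |
               sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case $name in
            '' | '#'*) continue ;;   # blank line or header/comment line
        esac
        # -F: literal string, -i: case-insensitive as in the reply,
        # -r: whole directory tree, -l: print only the file name.
        hit=$(grep -rilF -- "$name" "$@" 2>/dev/null | head -n 1)
        if [ -n "$hit" ]; then
            printf 'FOUND   %s  %s\n' "$name" "$hit"
        else
            printf 'MISSING %s\n' "$name"
            missing=$((missing + 1))
        fi
    done < "$csv"
    [ "$missing" -eq 0 ]
}
```

A `MISSING` line only means the name was not found as text in those directories; it does not by itself show that the indicator is not enforced.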
Hllrdm
Participant

Is it possible to delete a certain line from an imported CSV file in R80.40?
Or is it necessary to delete the whole added file and then attach a new one, where a certain line will be deleted?

For example, delete the first line without deleting the whole file?


0 Kudos