This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Hllrdm
Contributor
‎2022-03-30 06:20 AM

Threat Indicators

Click to Expand

 

We added the Threat Indicator to R80.40 through the SmartConsole, by exporting a CSV file.
How do we find information through ssh GAIA about which Indicators are currently installed on the cluster? We have tried using the ioc_feeds show command, but we get the output:
There are no existing feeds

Total number of feeds: 0
Active feeds: 0


Searching through the file we messed up through the SmartConsole didn't help either. Please help me find our Indicator in Gaia so that we can be sure that the Indicators have installed on the cluster.

Screen.jpg

0 Kudos
2 Replies
Timothy_Hall
Legend Legend
Legend
‎2022-03-30 09:34 AM

I don't know an easy way to dump the list of patterns/signatures being enforced by the gateway, but you could try giving your custom indicator a unique name, install policy to the gateway, then try to grep for the name of the custom indicator out on the gateway where it has its complied policy cached like this:

grep -i  indicatorname  $FWDIR/state/local/FW1/*

grep -i  indicatorname  $FWDIR/state/local/AMW/*

Attend my 60-minute "Be your Own TAC: Part Deux" Presentation
Exclusively at CPX 2025 Las Vegas Tuesday Feb 25th @ 1:00pm
0 Kudos
Hllrdm
Contributor
‎2022-03-30 11:33 PM
In response to Timothy_Hall

Is it possible to delete a certain line from an imported CSV file in R80.40?
Or is it necessary to delete the whole added file and then attach a new one, where a certain line will be deleted?

For example, delete the first line without deleting the whole file?

ioc.jpg

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events