Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
TSOL
Advisor

Verifying Threat Intelligence Import using Custom Feed

Hello Team

 

We have configured a custom feed as we aim to detect threats using our managed blacklist.

However, it is not functioning properly, and we need to determine whether the import has failed or if there is a configuration error.

Is there a way to verify the imported threat intelligence?

Thank you for the advice.

0 Kudos
5 Replies
PhoneBoy
Admin
Admin

Did you try the troubleshooting steps here? https://support.checkpoint.com/results/sk/sk132193 

0 Kudos
TSOL
Advisor

Thank you.

It seems that the retrieval of custom blacklists, such as "hxxp://balcklist-A.net", within the "$FWDIR/external_ioc/Indicator-A/indicator-A_https" file has been successful.
However, it appears that PCs under the gateway are still able to access sites on that blacklist.

When using original indicators, are they applied through custom policies in the same way as other antivirus solutions?

Are there any special configurations required for this?

I would appreciate any advice you could provide.

0 Kudos
PhoneBoy
Admin
Admin

Can you confirm what blades are active on the gateway in question?
Last I knew, this feature requires Anti-Virus and Anti-Bot to be enabled.

0 Kudos
TSOL
Advisor

Yes,in my environment, I believe the Anti-Bot and Anti-Virus blades are enabled as shown in the screen below.

if you have any advice, please let me know.

Thank you in advance.

 

0 Kudos
PhoneBoy
Admin
Admin

Check the troubleshooting steps here: https://support.checkpoint.com/results/sk/sk132193
TAC may be necessary for further assistance.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events