This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
TSOL
Advisor
‎2024-11-07 12:38 AM

Verifying Threat Intelligence Import using Custom Feed

Hello Team

 

We have configured a custom feed as we aim to detect threats using our managed blacklist.

However, it is not functioning properly, and we need to determine whether the import has failed or if there is a configuration error.

Is there a way to verify the imported threat intelligence?

Thank you for the advice.

0 Kudos
5 Replies
PhoneBoy
Admin
Admin
‎2024-11-07 05:12 PM

Did you try the troubleshooting steps here? https://support.checkpoint.com/results/sk/sk132193 

0 Kudos
TSOL
Advisor
‎2024-11-10 06:16 PM
In response to PhoneBoy

Thank you.

It seems that the retrieval of custom blacklists, such as "hxxp://balcklist-A.net", within the "$FWDIR/external_ioc/Indicator-A/indicator-A_https" file has been successful.
However, it appears that PCs under the gateway are still able to access sites on that blacklist.

When using original indicators, are they applied through custom policies in the same way as other antivirus solutions?

Are there any special configurations required for this?

I would appreciate any advice you could provide.

0 Kudos
PhoneBoy
Admin
Admin
‎2024-11-11 07:48 AM
In response to TSOL

Can you confirm what blades are active on the gateway in question?
Last I knew, this feature requires Anti-Virus and Anti-Bot to be enabled.

0 Kudos
TSOL
Advisor
‎2024-11-11 07:02 PM
In response to PhoneBoy

Yes,in my environment, I believe the Anti-Bot and Anti-Virus blades are enabled as shown in the screen below.

if you have any advice, please let me know.

Thank you in advance.

 

Preview file
25 KB
0 Kudos
PhoneBoy
Admin
Admin
‎2024-11-12 10:56 AM
In response to TSOL

Check the troubleshooting steps here: https://support.checkpoint.com/results/sk/sk132193
TAC may be necessary for further assistance.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events