This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Help

Who rated this post

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Kaspars_Zibarts
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2023-03-22 01:43 AM

Cheat sheet for "dynamic" type objects references

Updated May 2025!

I made presentation during CPX back in 2022 about the topic of objects that can keep rulebase up to date without actually installing policy (=helping automation and zero trust journey). There has been quite a few improvements since and I keep getting questions so I decided to make a reference point for myself here instead of trying to locate info every time I get asked 

Name Documentation Requirements Data formats Brief summary
Custom Intelligence Feeds (IoC) sk132193
Infinity IoC feeds 		 R80.30 + AB/AV blade CSV or STIX XML

To be efficient, HTTPS inspection will be required
It can only block and cannot be used as an object in rules
CLI only (so each GW must be updated separately) before R81
Supports many data types: IP, URL, domain, Hashes etc.
Infinity IoC feeds allows multiplexing of many external and internal feeds into one as well as publishing to be consumed by non-CP products and vendors.
Generic Datacenter object sk167210 R81 + FW blade JSON IP as source data only (no domains nor URLs)
Can be used in regular rules (drop and accept)
External Network feed Security Management R81.20 Administration Guide R81.20 + FW blade Text or JSON Technically the same principle as Updatable Objects
IP and domains can be used as source data
Can be used in regular rules
Wildcards in domain names can be tricky, read manuals and test
Domain Objects (aka FQDN objects) sk120633 - main article
sk161612 - DNS passive learning
sk161632 - domains tool		 R80.10 + FW blade CP Object Domain names only (not URLs)
Can be used in regular rules
Wildcards (non-FQDN mode) can be tricky, read manuals and test
Nothing to maintain externally
Dynamic Objects

skI1915
sk116367 

 R54 + FW blade via CLI only IP as source data only (no domains nor URLs)
Can be used in regular rules (drop and accept)
CLI updates only (so each GW must be updated separately)
Must be scripted, won't update by itself
Updatable Objects sk131852  R80.20 + FW blade NA Pre-defined by Check Point, cannot be modified
Can be used in regular rules to accept and drop
IoT Protect Quantum IoT Protect Administration Guide 

R81.20 + IOT blade

R81.10 is in EA

 NA

Pre-defined by Check Point, cannot be modified
Requires integration with CP Infinity cloud

License is required! All-in-one does not work
Identity Roles Identity Awareness Administration Guide  R77 NA External sources that will map users to IPs dynamically
Whole separate subject, but not to be forgotten
Data Center Query Data Center Query Objects  R81.10 Tags obtained from DC Query Object based on attributes across multiple data centers
(2)
Who rated this post