Check Point Guide

Use this guide to integrate Cybora with Check Point through SmartConsole's External IoC feeds. This native workflow lets the Security Gateway fetch observables directly from your feed URL and enforce them through Threat Prevention.

What Check Point can do with a Cybora feed

  • Check Point can import IPs, domains, URLs and other supported observables from external feeds.
  • An imported feed can be enforced through Check Point's documented Threat Prevention engines.
  • You can run the feed in detect mode first or move straight to prevent mode.
  • Once configured, gateways fetch external feeds at a regular interval and enforce updates automatically.

Before you start

  • Use a Security Gateway running R81 or later for External IoC feeds.
  • Make sure Threat Prevention is enabled and Indicator Scanning is active in the applicable profile.
  • Make sure the relevant gateways can reach the Cybora feed URL over HTTP or HTTPS.
  • Decide in advance whether you want a detect-only rollout or direct prevention.

Create the external IoC feed

  1. In SmartConsole, go to Security Policies > Threat Prevention > Custom Policy > Custom Policy Tools > Indicators.
  2. Click New and choose New IoC Feed or External IoC Feed, depending on your release.
  3. Give the object a clear name.
  4. Set the Action. Detect is useful for an initial validation phase. Prevent is the better choice when you want the feed to actively block matching indicators from the start.
  5. Paste the full Cybora feed URL into Feed URL.
  6. Choose the feed format that matches your feed and Check Point's parsing workflow.
  7. Configure authentication only if your feed requires it.
  8. Use Test Feed or Test Connectivity to confirm that the gateway can reach the feed.
  9. Save the object and install the Threat Prevention Policy.

Refresh behavior and policy use

  • Check Point documents that gateways fetch configured external feeds every 30 minutes by default.
  • This interval can be changed under Manage & Settings > Blades > Threat Prevention > Advanced Settings > External Feed.
  • Set the interval so that it stays within your Cybora plan. Only one request is permitted per allowed interval, and excessive polling can get the feed blocked.
  • Once the feed is configured, gateways enforce updates immediately, without a new Threat Prevention Policy install on every refresh.
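The following is an added example, not Check Point's or Cybora's code: an offline pre-flight check you can run on a downloaded copy of the feed before the External IoC Feed object points at it. It serves step 6 above (does the feed parse as the format you selected, and does every TYPE column agree with its VALUE?) and the refresh-interval bullet (does the configured interval keep you inside the plan?). It assumes the feed is served as CSV in the Check Point indicator file layout with the header #UNIQ-NAME,VALUE,TYPE,CONFIDENCE,SEVERITY,PRODUCT,COMMENT (if you selected a different format in step 6, adjust the header check), that the sample feed text is constructed for illustration, and, for the interval check, the worst case that every gateway fetching the feed counts against the same Cybora allowance.

```python
# Added example, not Check Point or Cybora code. Offline pre-flight checks for
# a feed copy before a Check Point External IoC Feed object points at it.
# Assumptions: the feed is CSV in the Check Point indicator file layout whose
# header line is EXPECTED_HEADER below; SAMPLE_FEED is constructed, not real data.
import csv
import io
import ipaddress
import re
from urllib.parse import urlsplit

EXPECTED_HEADER = ["#UNIQ-NAME", "VALUE", "TYPE", "CONFIDENCE", "SEVERITY", "PRODUCT", "COMMENT"]
SUPPORTED_TYPES = {"ip", "domain", "url"}  # observable types this checker knows how to verify
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

# Constructed sample feed. Lines 5 and 6 are deliberately wrong (a malformed
# value and a TYPE that contradicts the value) so the checker has something to flag.
SAMPLE_FEED = """#UNIQ-NAME,VALUE,TYPE,CONFIDENCE,SEVERITY,PRODUCT,COMMENT
cybora-0001,203.0.113.10,IP,high,high,AV,constructed sample
cybora-0002,malicious.example,Domain,medium,medium,AB,constructed sample
cybora-0003,http://malicious.example/payload.bin,URL,high,critical,AB,constructed sample
cybora-0004,not a domain,Domain,low,low,AB,constructed sample
cybora-0005,198.51.100.7,Domain,high,high,AV,constructed sample
"""


def classify(value):
    """Return "ip", "domain" or "url" for an observable string, or None if it is none of them."""
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        pass
    parts = urlsplit(value)
    if parts.scheme in ("http", "https") and parts.netloc:
        return "url"
    if DOMAIN_RE.match(value.lower()):
        return "domain"
    return None


def validate_feed(text):
    """Parse a feed body; return (accepted_records, problems).

    A record is accepted only if it has the right column count, a unique name,
    a supported TYPE, and a VALUE that actually parses as that type. Everything
    else goes to problems with its line number, which is what you want to fix
    on the feed side before the gateway tries to parse it.
    """
    rows = list(csv.reader(io.StringIO(text)))
    accepted, problems = [], []
    if not rows or [c.strip() for c in rows[0]] != EXPECTED_HEADER:
        problems.append("header mismatch: expected " + ",".join(EXPECTED_HEADER))
        return accepted, problems
    seen = set()
    for lineno, row in enumerate(rows[1:], start=2):
        if not row:
            continue  # blank line
        if len(row) != len(EXPECTED_HEADER):
            problems.append(f"line {lineno}: expected {len(EXPECTED_HEADER)} columns, got {len(row)}")
            continue
        name, value, typ = row[0].strip(), row[1].strip(), row[2].strip().lower()
        if name in seen:
            problems.append(f"line {lineno}: duplicate UNIQ-NAME {name!r}")
            continue
        seen.add(name)
        if typ not in SUPPORTED_TYPES:
            problems.append(f"line {lineno}: unsupported TYPE {row[2]!r}")
            continue
        detected = classify(value)
        if detected is None:
            problems.append(f"line {lineno}: {value!r} is not a valid ip, domain or url")
            continue
        if detected != typ:
            problems.append(f"line {lineno}: TYPE is {typ} but the value looks like a {detected}")
            continue
        accepted.append({"name": name, "value": value, "type": typ})
    return accepted, problems


def polling_fits_plan(interval_minutes, gateway_count, plan_min_interval_minutes):
    """True if the configured External Feed interval keeps total requests within the plan.

    Assumption: every gateway that has the feed configured fetches the URL on its own
    schedule and all of those requests count against one allowance, so N gateways
    polling every I minutes produce N requests per I minutes. The plan allows one
    request per plan_min_interval_minutes, hence I must be at least N times that.
    """
    return interval_minutes >= gateway_count * plan_min_interval_minutes


if __name__ == "__main__":
    ok, bad = validate_feed(SAMPLE_FEED)
    print(f"{len(ok)} records accepted, {len(bad)} rejected")
    for p in bad:
        print("  " + p)
    # Three gateways at Check Point's documented 30-minute default against a
    # plan that allows one fetch per 30 minutes would be 3x over the allowance.
    print("3 gateways @ 30 min fits 30-min plan:", polling_fits_plan(30, 3, 30))
    print("3 gateways @ 90 min fits 30-min plan:", polling_fits_plan(90, 3, 30))
```

Run it against a saved copy of the real feed by replacing SAMPLE_FEED with the file contents. Records rejected here are the ones the gateway would either drop or misclassify, so fixing them on the feed side avoids chasing parser errors in the gateway's control logs later. The interval helper makes the multi-gateway trap explicit: at the 30-minute default, three gateways polling one feed already exceed a plan that allows one request per 30 minutes.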

Validation

  1. Confirm that the feed test succeeds from the intended gateway.
  2. Verify that Indicator Scanning is enabled in the applicable Threat Prevention profile.
  3. Review the Threat Prevention logs to confirm detect or prevent actions.
  4. If the gateway cannot retrieve the feed, check the control logs and the connectivity path to the feed URL.

Further reading