Global IoC Block List (IOC Management)
With Check Point Infinity IoC, SOC teams actively manage IoCs globally, ensuring that every IoC you choose to enforce applies across all Check Point products, including Harmony Email & Collaboration.
For example, if you add a URL to the global IoC blocklist, it will flag as malicious any emails, Teams messages, and clicks on rewritten links that contain this URL.
For information about IoC Management, see Infinity IoC Administration Guide.
Accessing Global IoC Block List
You can access the global IoC block list in the following ways:
- In the Harmony Email & Collaboration Administrator Portal, select the IOC Management link on the different Exceptions pages.
  For example, go to Exceptions > Anti-Phishing and select IOC Management in the top right corner.
- Directly through this link: https://portal.checkpoint.com/dashboard/xdr-xpr/xdrxpr#/ThreatCloudIOCMgmt.
- In the Infinity XDR Portal, select IoC Management > Inputs.
For information about accessing global IoC block list and about the supported geographical regions, see Infinity IoC Administration Guide.
Managing IoCs and IoC Feeds
You can manage IoCs globally in two ways:
- Individual Management - SOC teams actively search for incidents or suspicious events and manually add IoCs to enforce globally.
- Integration with 3rd Party IoC feeds - Connect to an IoC feed your SOC team is subscribed to. This integration automatically enforces all IoCs received from the feed for your Harmony Email & Collaboration Administrator Portal.
For information about managing IoCs and IoC feeds, see Infinity IoC Administration Guide.
Note - Harmony Email & Collaboration supports only URL and Domain type of IoCs through IoC Management.