Global IoC Block List (IOC Management)

With Check Point IoC Management, SOC teams actively manage IoCs globally, ensuring that every IoC you choose to enforce applies across all Check Point products, including Email Security.

For example, if you add a URL to the global IoC block list, any emails, Teams messages, and clicks on rewritten links that contain this URL are flagged as malicious.

For information about IoC Management, see the Check Point IoC Administration Guide.

Accessing Global IoC Block List

You can access the global IoC block list in the following ways:

  • By accessing the Email Security Administrator Portal and selecting the IOC Management link on the different Exceptions pages.

    For example, go to Exceptions > Anti-Phishing and select IOC Management in the top right corner.

  • Directly through this link: https://portal.checkpoint.com/dashboard/xdr-xpr/xdrxpr#/ThreatCloudIOCMgmt.

  • By accessing the Check Point XDR Portal and selecting IoC Management > Inputs.

For information about accessing the global IoC block list and about the supported geographical regions, see the Check Point IoC Administration Guide.

Managing IoCs and IoC Feeds

You can manage IoCs globally in two ways:

  • Individual Management - SOC teams actively search for incidents or suspicious events and manually add IoCs to enforce globally.

  • Integration with 3rd Party IoC feeds - Connect to an IoC feed your SOC team is subscribed to. This integration automatically enforces all IoCs received from the feed for your Email Security Administrator Portal.

For information about managing IoCs and IoC feeds, see the Check Point IoC Administration Guide.

Note - Email Security supports these types of IoCs through IoC Management:

  • URL

  • Domain

  • File Hash (MD5, SHA1, and SHA256)
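
Because a connected feed is enforced automatically, it helps to check beforehand which of its entries fall into the types listed above. The following is an added example, not Check Point code: it calls no Check Point API, and the function names and the sample feed entries are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Hex digest length -> hash type, per the File Hash types listed above.
HASH_TYPES = {32: "MD5", 40: "SHA1", 64: "SHA256"}
HEX_RE = re.compile(r"[0-9a-fA-F]+")
LABEL_RE = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

# Constructed sample feed (not real indicators).
SAMPLE_FEED = [
    "# vendor feed export",
    "https://login.example.com/reset?id=1",
    "malicious.example.net",
    "ab" * 16, "cd" * 20, "ef" * 32,        # MD5, SHA1, SHA256 lengths
    "192.0.2.10",                           # bare IP: not a listed type
    "user@example.org",                     # e-mail address: not a listed type
    "deadbeef",                             # hex, but no supported digest length
]

def is_domain(value):
    """True for a dotted hostname with valid labels and a non-numeric TLD."""
    labels = value.rstrip(".").split(".")
    return (len(value) <= 253 and len(labels) >= 2
            and all(LABEL_RE.fullmatch(label) for label in labels)
            and not labels[-1].isdigit())

def classify(raw):
    """Return 'URL', 'Domain', 'MD5', 'SHA1', 'SHA256' or 'Unsupported'."""
    value = raw.strip()
    if HEX_RE.fullmatch(value) and len(value) in HASH_TYPES:
        return HASH_TYPES[len(value)]
    try:
        parts = urlsplit(value)
    except ValueError:                      # e.g. malformed bracketed host
        return "Unsupported"
    if parts.scheme in ("http", "https") and parts.hostname:
        return "URL"
    return "Domain" if is_domain(value) else "Unsupported"

def triage(entries):
    """Group feed entries by type, skipping blank lines and # comments."""
    groups = {}
    for entry in (e.strip() for e in entries):
        if entry and not entry.startswith("#"):
            groups.setdefault(classify(entry), []).append(entry)
    return groups

if __name__ == "__main__":
    for ioc_type, values in triage(SAMPLE_FEED).items():
        print(f"{ioc_type}: {len(values)}")
```

Entries reported as `Unsupported` are the ones to review by hand before relying on the feed for Email Security coverage.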