Managing IoCs

An Indicator of Compromise (IoC) is a sign to cyber security professionals of unusual activity or an attack. Harmony Browse allows you to add IoCs for domains, IP addresses, URLs, MD5 hash keys and SHA1 hash keys that are automatically blocked by File Protection (Threat Emulation and Threat Extraction) and URL Filtering without the need to install the policy.

Prerequisite

  • For domain, IP address and URL IoCs, activate (Prevent or Detect) the URL Filtering capability.

  • For MD5 hash and SHA1 hash IoCs, activate (Prevent or Detect) the Download Protection capability.

To add IoCs:

  1. Click Policy > Threat Prevention.

  2. Click Manage IoCs.

  3. Click .

    The New IoC window appears.

  4. Select a Type and enter a Value and Comment (optional).

  5. Click OK.

    The IoC is added to the table.

To import IoCs from an Excel sheet:

You can import IoCs from an Excel sheet containing up to 10000 entries in the format:

  1. Click Policy > Threat Prevention.

  2. Click Manage IoCs.

  3. Click .

    The Import IoCs window appears.

  4. Click Upload and select the Excel sheet.

    Note - The system verifies the entries in the Excel sheet and discards invalid entries.

  5. Click Import.

    The IoCs are added to the table.
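Because invalid entries are discarded during import, it helps to check a list before uploading it so that nothing is dropped unnoticed. The following Python sketch is an added example, not Check Point code: it checks rows for syntax, duplicates and the 10000-entry limit. The type labels, the (type, value, comment) row layout and the syntax rules are assumptions, since the sheet format and the product's own validation rules are not shown here.

```python
import ipaddress
import re
from urllib.parse import urlsplit

MAX_ENTRIES = 10000  # import limit stated on this page
# Assumed type labels and syntax rules; the product's own checks may differ.
_DOMAIN = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
_HEX_LEN = {"MD5": 32, "SHA1": 40}

def is_valid(ioc_type, value):
    """Return True when value is syntactically plausible for ioc_type."""
    value = value.strip()
    if ioc_type in _HEX_LEN:
        return re.fullmatch(r"[0-9a-fA-F]{%d}" % _HEX_LEN[ioc_type], value) is not None
    try:
        if ioc_type == "IP":
            ipaddress.ip_address(value)  # raises ValueError on bad input
            return True
        if ioc_type == "URL":
            parts = urlsplit(value)  # raises ValueError on malformed brackets
            return parts.scheme in ("http", "https") and bool(parts.hostname)
    except ValueError:
        return False
    return ioc_type == "Domain" and _DOMAIN.match(value.lower()) is not None

def precheck(rows):
    """Split (type, value, comment) rows into importable and rejected lists."""
    keep, rejected, seen = [], [], set()
    for ioc_type, value, comment in rows:
        value = value.strip()
        # URL paths are case-sensitive, so only other types are case-folded.
        key = (ioc_type, value if ioc_type == "URL" else value.lower())
        if not is_valid(ioc_type, value):
            rejected.append((ioc_type, value, "invalid syntax"))
        elif key in seen:
            rejected.append((ioc_type, value, "duplicate"))
        elif len(keep) >= MAX_ENTRIES:
            rejected.append((ioc_type, value, "over entry limit"))
        else:
            seen.add(key)
            keep.append((ioc_type, value, comment))
    return keep, rejected

# Constructed sample rows (documentation-range names and addresses).
SAMPLE = [("Domain", "malware.example", ""), ("Domain", "MALWARE.example", ""),
          ("IP", "203.0.113.7", ""), ("IP", "999.1.1.1", ""),
          ("URL", "https://bad.example/payload.bin", ""),
          ("URL", "bad.example/payload.bin", "no scheme"),
          ("MD5", "0123456789abcdef0123456789abcdef", ""),
          ("SHA1", "0123456789abcdef0123456789abcdef0123456", "39 chars")]

if __name__ == "__main__":
    for row in precheck(SAMPLE)[1]:
        print("rejected:", row)
```
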

To edit an IoC:

  1. Click Policy > Threat Prevention.

  2. Click Manage IoCs.

  3. Select the IoC.

  4. Click .

    The Edit IoC window appears.

  5. Make the required changes.

  6. Click OK.

To delete IoCs:

  1. Click Policy > Threat Prevention.

  2. Click Manage IoCs.

  3. Select the IoCs.

  4. Click .

    A prompt appears.

  5. Click OK.

To export IoCs to an Excel sheet:

  1. Click Policy > Threat Prevention.

  2. Click Manage IoCs.

  3. Click .

    The system exports the IoCs to an Excel sheet.