Introduction to Infinity IoC

The Infinity IoC is a centralized platform to manage Indicators of Compromise (IoCs) across products. It collects IoCs from various products through feeds (manual or live). These IoCs are aggregated into a list, which you can enforce through the supported enforcers.

00:00: The Infinity IoC is a centralized platform to manage Indicators of Compromise across your products. It collects IoCs from various products through feeds and consolidates them into a list, which you can enforce through the supported enforcers. This video shows how to use Infinity IOC to manage your IoCs. 00:20: Access Infinity XDR XPR and click New IOC Management. 00:25: Click Input Feeds. An input feed is a collection of IoCs from your products. 00:30: You can collect IoCs either through a manual feed or a live feed. 00:34: A manual feed, allows you to add IOCs manually. To create a manual feed, click New manual feed. 00:41: Enter the feed details and click Save. 00:44: Hover over the manual feed you just created and click the arrow. 00:48: Click New 00:49: And enter the IoC details and click Save. 00:52: Optionally, you can quickly add IoCs by importing them from a CSV file. 00:58: A live feed, uses a URL to automatically import and sync IOCs from an external application. To create a live feed, click New live feed. 01:07: Enter the feed details including the URL to a text file that contains IoCs and click Save. 01:13: Now, to enforce the collected IoCs from both manual and live feeds, click Output Blends. 01:19: The Indicators tab shows IoCs collected from all the input feeds. 01:24: To enforce IoCs, click Feeds and Configuration. Note that this is supported only with applications that support IoC input in the CSV file format, such as the Check Point Security Gateway. 01:36: Turn on the toggle button. 01:38: Copy the required public blend link. The link is to a dynamic CSV file that contains a list of IoCs to be enforced. As a final step, use the link as an input with the application to enforce IoCs. 01:52: Thank you for watching the video.

Supported Products

• Infinity XDR/XPR

• Infinity Playblocks

• Harmony Endpoint

• Harmony Email & Collaboration

Note - You can also add IoCs from a third-party application either manually or automatically through a live feed. For more information, see Input Feeds.

Supported Enforcers

Enforcers are platforms that Infinity IoC integrates with to enforce IoCs. By default, Infinity IoC enforces IoCs on all supported enforcers.

Note - You cannot enforce IoCs only on a specific enforcer.

The supported enforcers are:

• Security Gateway

  You can enforce IoCs through:

• Security Gateway version R80.30 and higher.

• SmartConsole version R81 and higher.

  To enforce, see Integrating Output Blends with a Security Gateway.

• Harmony Endpoint Security Client

  The IoCs are enforced automatically with Harmony Endpoint Security Client version E87.10 or higher.

• Harmony Email & Collaboration

  The IoCs are enforced automatically with Harmony Email & Collaboration.

• Third-party applications that support IoC input in the CSV file format. For more information, see Blend Details.

Known Limitations

See sk181065.