Introduction to Infinity IoC

The Infinity IoC is a centralized platform designed to manage Indicators of Compromise (IoCs) from various resources. It enables ingestion, aggregation, deduplication, and analysis of IoC data from multiple sources, reducing SOC noise and improving focus on real threats. By sending custom IoC collections to relevant security tools, the IOC Management module operationalizes threat intelligence, streamlines security operations, and increases productivity for defenders.

00:03: The Infinity IoC is a centralized platform to manage Indicators

00:07: of Compromise across your products.

00:09: It collects IoCs from various products through feeds and consolidates

00:13: them into collections, which you can integrate with other security products. This

00:18: video demonstrates how to use Infinity IoC to manage your IoCs.

00:23: To access the IOC Management portal, access the Infinity XDR/XPR

00:28: Administrator Portal and click IOC Management.

00:33: First, go to the Inputs tab to configure your input data feeds. Available

00:37: sources include IoCs from Check Point products,

00:40: external vendors, custom feeds, and manual

00:44: feeds.

00:45: The Check Point section includes all feeds created by Check Point products.

00:49: In the Feed Marketplace section, you can configure and connect to feeds from external

00:53: vendors. To activate a feed,

00:55: click the three dots and click Setup.

00:58: Enter the feed details and click Save.

01:01: In the Custom Integrations section, you can add custom feeds using supported feed

01:05: formats. To create a custom feed,

01:08: click Add feed and select the appropriate feed format.

01:12: Enter a feed name and the feed URL. Then, click Save.

01:15: In the Custom Manual Feeds section, you can create a feed and manually

01:19: add IoCs to it. To begin, click Add feed.

01:23: Enter the feed details and click Save.

01:26: To add IoCs to a manual feed, click the feed row.

01:30: You can manually add up to 50 IoCs or import IoCs

01:34: from a file.

01:36: After setting up the input feeds, you can optionally create exclusions for indicators

01:40: that you want to exclude from output collections,

01:42: so that they are not blocked by the integrated products. To create

01:46: an exclusion, go to the Exclusions page and click Add new exclusion.

01:51: Enter the indicator details and click Save.

01:55: Next, create a new collection to group the related input feeds. For that, go

01:59: to the Outputs page and click the Collections tab.

02:01: Then click New collection. The Check Point collection is added by default.

02:06: Enter a name for the collection, select the feeds you want to include, and click

02:10: Save. If you selected multiple feeds, set their priority

02:14: using the up and down arrows. The aggregator automatically removes duplicate

02:19: IoCs, retaining only the entries from the highest-priority

02:23: source.

02:24: As the final step, integrate your IoC collections with other security

02:28: products. For that, go to the Integrations tab. By

02:32: default, IOC Management is connected to the supported Check Point products. To

02:36: add a new integration, click New integration.

02:40: Select the integration and click Next.

02:43: Enter the required configuration details and complete the setup.

02:46: Then click Done. After the integration is complete,

02:49: the IoCs are enforced on the integrated product.

02:54: Thank you for watching.
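
A small model of the collection step the video describes (feeds in priority order, duplicates resolved in favor of the highest-priority source, excluded indicators kept out of the output), added here as an illustration and not Check Point's implementation. The feed names, the `Indicator` fields and the case-insensitive matching are assumptions, and the sample data is constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Indicator:
    kind: str          # "ip", "domain", ...
    value: str
    source: str        # feed the retained entry came from
    comment: str = ""

def _key(kind, value):
    # Assumption: matching ignores case and surrounding whitespace,
    # so "Bad.example" and "bad.example " count as the same indicator.
    return (kind.lower(), value.strip().lower())

def build_collection(feeds, exclusions=()):
    """feeds: list of (feed_name, [(kind, value, comment), ...]) ordered from
    highest to lowest priority. exclusions: iterable of (kind, value).
    Returns (collection, dropped); dropped records why an entry was left out."""
    excluded = {_key(k, v) for k, v in exclusions}
    kept, dropped = {}, []
    for name, entries in feeds:              # highest priority is seen first
        for kind, value, comment in entries:
            key = _key(kind, value)
            if key in excluded:
                dropped.append((name, value, "excluded"))
            elif key in kept:                # a higher-priority feed already has it
                dropped.append((name, value, f"duplicate of {kept[key].source}"))
            else:
                kept[key] = Indicator(key[0], key[1], name, comment)
    return list(kept.values()), dropped

# Constructed sample data: documentation-range address and example domains.
FEEDS = [
    ("manual-soc", [("ip", "203.0.113.7", "confirmed C2"),
                    ("domain", "Bad.example", "phishing")]),
    ("vendor-x",   [("ip", "203.0.113.7", "scanner"),
                    ("domain", "cdn.example", "suspicious"),
                    ("domain", "bad.example ", "")]),
]
EXCLUSIONS = [("domain", "cdn.example")]     # must not be blocked downstream

if __name__ == "__main__":
    collection, dropped = build_collection(FEEDS, EXCLUSIONS)
    for ioc in collection:
        print("keep:", ioc)
    for row in dropped:
        print("drop:", row)
```

Swapping the order of the two feeds changes which comment survives for `203.0.113.7`, which is the practical effect of the priority arrows: the lower-priority feed's context for a shared indicator is discarded.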

Supported Regions

Infinity IoC is supported only for the Infinity Portal tenants (accounts) residing in these regions:

  • EU

  • US

  • India

  • UAE