IOC Management (formerly Infinity IoC) is a centralized platform designed to manage Indicators of Compromise (IoCs) from various resources. It enables ingestion, aggregation, deduplication, and analysis of IoC data from multiple sources, reducing SOC noise and improving focus on real threats. By sending custom IoC collections to relevant security tools, the IOC Management module operationalizes threat intelligence, streamlines security operations, and increases productivity for defenders.
00:03: The Infinity IoC is a centralized platform to manage Indicators
00:07: of Compromise across your products.
00:09: It collects IoCs from various products through feeds and consolidates
00:13: them into collections, which you can integrate with other security products. This
00:18: video demonstrates how to use Infinity IOC to manage your IoCs.
00:23: To access the IOC Management portal, access the Infinity XDR/
00:28: XPR Administrator Portal and click IOC Management.
00:33: First, go to the Inputs tab to configure your input data feeds. Available
00:37: sources include IoCs from Check Point products,
00:40: external vendors, custom feeds, and manual
00:44: feeds.
00:45: The Check Point section includes all feeds created by Check Point products.
00:49: In the Feed Marketplace section, you can configure and connect to feeds from external
00:53: vendors. To activate a feed,
00:55: click the three dots and click Setup.
00:58: Enter the feed details and click Save.
01:01: In the Custom Integrations section, you can add custom feeds using supported feed
01:05: formats. To create a custom feed,
01:08: click Add feed and select the appropriate feed format.
01:12: Enter a feed name and the feed URL. Then, click Save.
01:15: In the Custom Manual Feeds section, you can create a feed and manually
01:19: add IoCs to it. To begin, click Add feed.
01:23: Enter the feed details and click Save.
01:26: To add IoCs to a manual feed, click the feed row.
01:30: You can manually add up to 50 IoCs or import IoCs
01:34: from a file.
01:36: After setting up the input feeds, you can optionally create exclusions for indicators
01:40: that you want to exclude from output collections,
01:42: so that they are not blocked by the integrated products. To create
01:46: an exclusion, go to the Exclusions page and click Add new exclusion.
01:51: Enter the indicator details and click Save.
01:55: Next, create a new collection to group the related input feeds. For that, go
01:59: to the Outputs page and click the Collections tab.
02:01: Then click New collection. The Check Point collection is added by default.
02:06: Enter a name for the collection, select the feeds you want to include, and click
02:10: Save. If you selected multiple feeds, set their priority
02:14: using the up and down arrows. The aggregator automatically removes duplicate
02:19: IoCs, retaining only the entries from the highest-priority
02:23: source.
02:24: As the final step, integrate your IoC collections with other security
02:28: products. For that, go to the Integrations tab. By
02:32: default, IOC Management is connected to the supported Check Point products. To
02:36: add a new integration, click New Integration.
02:40: Select the integration and click Next.
02:43: Enter the required configuration details and complete the setup.
02:46: Then click Done. After the integration is complete,
02:49: the IoCs are enforced on the integrated product.
02:54: Thank you for watching.