Search Indicators
The Search Indicators page allows you to search for an IoC across all the input feeds.
To search for an IoC across multiple input feeds:
- In the Search field, enter the value, protection name or description of the IoC and press the Enter key.
- Enter a minimum of three and maximum of up to 100 characters. If the characters exceed 100, then the system omits the extra characters and shows the search results for the trimmed value.
- The system shows a maximum of 200 search results.
The system displays the search results.
Note - If an IoC belongs to multiple feeds, the IoC is listed for each feed.
The search results show these details:

| Item | Description |
|---|---|
| IoC type | Icon that shows the type of the IoC: IP address; File (MD5, SHA1 or SHA256); Domain, for example, checkpoint.com; URL, for example, https://www.checkpoint.com/infinity/portal/; Disabled IoC (the disabled IoC row is grayed out by default). |
| Indicator | IoC name and Protection name. |
| Feed | The input feed that contains the IoC and indicates whether the feed is in the Default Blend. Note - Only the IoCs included in the Default Blend are enforced on the Check Point Security Gateway. |
| Confidence | Confidence level of the IoC detection. If it displays the default Confidence value inherited from the feed, then it is indicated with a tool tip Inherited from feed. |
| Severity | Severity of the IoC. If it displays the default Severity value inherited from the feed, then it is indicated with a tool tip Inherited from feed. |
| Expires in (UTC) | Time until the IoC expires, in the UTC time zone. After the IoC expires, it is automatically deleted. An icon indicates that the IoC expiration date is soon. |
| Last update | Date on which the IoC was last updated. |
- To disable the IoC, select the IoC and click Disable.
Note - You cannot disable IoCs that belong to live feeds.
- To view the IoC information in the Input Feeds page, select the IoC and in the right-pane, click
and then click Open in feed.