Configuring Threat Indicators

Threat Indicators lets you add feeds to the Anti-Bot engine (the Software Blade that blocks botnet behavior and communication to Command and Control (C&C) centers) and the Anti-Virus engine (the Software Blade that uses real-time virus signatures and anomaly-based protections from ThreatCloud to detect and block malware at the Security Gateway before users are affected), in addition to the feeds included in the Check Point packages and ThreatCloud feeds. You can create your own threat indicator files or import them from external sources. You can upload the files both through SmartConsole and through the CLI.

An Indicator is a set of observables which represent a malicious activity in an operational cyber domain, with relevant information on how to interpret it and how to handle it.

An Observable is an event or a stateful property that can be observed in an operational cyber domain, such as an IP address, an MD5 file signature, a SHA1 file signature, a SHA256 file signature, a URL, or a mail sender address.
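Before a self-made or imported feed is uploaded, it is worth checking that every line is actually one of the observable kinds listed above, so that a malformed entry does not silently produce a useless indicator. The following Python script is an added example, not Check Point's own tooling or indicator file format: it classifies each observable in a constructed one-value-per-line feed as IP, MD5, SHA1, SHA256, URL or Mail, normalizes it, and reports lines it cannot classify. The function names, the one-value-per-line layout and the sample values are assumptions made here.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Hex digest lengths for the three file signature kinds named on the page.
HEX_LENGTHS = {32: "MD5", 40: "SHA1", 64: "SHA256"}
HEX_RE = re.compile(r"^[0-9a-fA-F]+$")
# Deliberately simple sender-address check: local part, one '@', a dotted domain.
MAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def classify_observable(value: str) -> str:
    """Return the observable kind (assumed labels) or raise ValueError."""
    v = value.strip()
    if not v:
        raise ValueError("empty observable")
    # Hashes first: a hex digest can never be confused with an address or URL.
    if HEX_RE.match(v) and len(v) in HEX_LENGTHS:
        return HEX_LENGTHS[len(v)]
    try:
        ipaddress.ip_address(v)  # accepts IPv4 and IPv6 literals
        return "IP"
    except ValueError:
        pass
    if MAIL_RE.match(v):
        return "Mail"
    parts = urlsplit(v)
    # A bare host name is not one of the kinds listed on the page, so only
    # values with an explicit http/https scheme count as URLs here.
    if parts.scheme in ("http", "https") and parts.netloc:
        return "URL"
    raise ValueError(f"unrecognised observable: {value!r}")


def normalize(value: str, kind: str) -> str:
    """Canonical form so duplicates in a feed compare equal."""
    v = value.strip()
    if kind in ("MD5", "SHA1", "SHA256", "Mail"):
        return v.lower()
    if kind == "IP":
        return str(ipaddress.ip_address(v))  # collapses IPv6 forms
    return v  # URL paths are case-sensitive; leave them untouched


def load_feed(lines):
    """Parse feed lines into (kind, value) pairs; collect unparseable lines."""
    indicators, errors = [], []
    for line_no, raw in enumerate(lines, start=1):
        text = raw.strip()
        if not text or text.startswith("#"):
            continue  # blank lines and comments carry no observable
        try:
            kind = classify_observable(text)
        except ValueError:
            errors.append((line_no, text))
            continue
        indicators.append((kind, normalize(text, kind)))
    return indicators, errors


# Constructed sample feed. The hashes are the well-known digests of the empty
# string and the IP is from a documentation range; none of it is real intelligence.
SAMPLE_FEED = """\
# constructed sample feed
198.51.100.23
D41D8CD98F00B204E9800998ECF8427E
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
http://malware.example/payload
Phish@example.net
not an observable
"""

if __name__ == "__main__":
    found, bad = load_feed(SAMPLE_FEED.splitlines())
    for kind, value in found:
        print(f"{kind:7} {value}")
    for line_no, text in bad:
        print(f"line {line_no}: cannot classify {text!r}")
```

Running the script lists six classified observables and flags line 8 as unparseable; in practice the error list is what you review before the file goes anywhere near the gateway, because a feed that is half comments and half typos gives Anti-Bot and Anti-Virus nothing to match on.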

Threat Indicators demonstrate an attack by:

  • Specific observable patterns

  • Additional information intended to represent objects and behaviors of interest in a cyber-security context

Indicators are derived from intelligence, self-analysis, governments, partners, and so on.