Importing Threat Indicator Files through SmartConsole

When you manually upload threat indicator files through SmartConsole, the files must be in Check Point CSV format or STIX (Structured Threat Information eXpression) XML (STIX 1.0) format. The files must contain records of equal size. If an indicator file has records that do not have the same number of fields, it does not load.

1. In the SmartConsole main view, go to Security Policies > Threat Prevention > Custom Policy > Custom Policy Tools > Indicators.

2. Click New, and select Import file.

   The Indicator configuration window opens.

3. Enter a Name.

   Each Indicator must have a unique name.

4. Enter Object Comment (optional).

5. Click Import to browse to the Indicator file.

   The content of each file must be unique. You cannot load duplicate files.

6. Select an action for this Indicator:

7. Add Tag.

8. Click OK.

   If you leave an optional field empty, a warning notifies you that the default values are used in the empty fields. Click OK. The Indicator file loads.

9. Install the Threat Prevention Policy.
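A CSV indicator file can be checked against the two load conditions stated above (every record has the same number of fields, and the file content is not a duplicate) before it is imported. The following is an added example, not Check Point code: the function name, the sample column layout, the use of SHA-256 to compare file content, and the treatment of lines starting with `#` as comments are all assumptions.

```python
import csv
import hashlib
import io
from collections import Counter

# Constructed samples; the column layout is illustrative, not Check Point's schema.
GOOD = b"obs1,192.0.2.10,IP,high\nobs2,example.test,Domain,low\n"
BAD = (b"obs1,192.0.2.10,IP,high\nobs2,example.test,Domain\n"
       b'obs3,"a,b",URL,low\n')


def check_indicator_csv(data, known_hashes=frozenset(), comment_prefix="#"):
    """Return (sha256_hex, problems) for the raw bytes of a CSV indicator file.

    An empty problems list means both checks passed. comment_prefix is an
    assumption: matching lines are not counted as records (None disables it).
    """
    digest = hashlib.sha256(data).hexdigest()
    problems = []
    if digest in known_hashes:
        problems.append("duplicate: identical content was already imported")

    # csv.reader handles quoted fields, so a comma inside quotes is not a split.
    text = data.decode("utf-8-sig", errors="replace")
    reader = csv.reader(io.StringIO(text, newline=""))
    counts = []  # (line number, field count) for each record
    for row in reader:
        if not row or all(not field.strip() for field in row):
            continue  # blank line
        if comment_prefix and row[0].lstrip().startswith(comment_prefix):
            continue  # comment line (assumed convention)
        counts.append((reader.line_num, len(row)))

    if not counts:
        problems.append("no records found")
        return digest, problems

    # Treat the most common field count as the intended record size.
    expected = Counter(n for _, n in counts).most_common(1)[0][0]
    for line_no, n in counts:
        if n != expected:
            problems.append(f"line {line_no}: {n} fields, expected {expected}")
    return digest, problems


if __name__ == "__main__":
    seen = set()  # digests of files already imported
    for name, blob in (("good.csv", GOOD), ("bad.csv", BAD), ("copy.csv", GOOD)):
        digest, problems = check_indicator_csv(blob, seen)
        seen.add(digest)
        print(name, problems or "OK")
```

Keeping the digest of each file that was imported gives a local record to compare new files against before step 5.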