Configure an Indicator of Compromise

  1. In Check Point Portal, go to Policy > Threat Prevention.
  2. In the toolbar, select Manage IoC. No need to install policy.
  3. In the table that appears, manually add new Indicators of Compromise by type.

    IoC Type

    Example

    Domain checkpoint.com
    IP Address 192.168.1.1
    URL checkpoint.com/test.htm
    MD5 Hash 2eb040283b008eee17aa2988ece13152
    SHA1 Hash 510ce67048d3e7ec864471831925f12e79b4d70f
  4. Hover over the icon next to Type to view the capabilities required for each type.
    • URL, Domain and IP require Anti-Bot and URL Filtering capabilities.

    • SHA1 and MD5 Hashes require Threat Extraction and Threat Emulation capabilities.

  5. The user can also upload his own manually-created CSV list of indicators.
  6. To verify, on the endpoint, access the IoC (for example, a URL). The system blocks the access to the IoC.