Configure an Indicator of Compromise
- In Check Point Portal, go to Policy > Threat Prevention.
- In the toolbar, select Manage IoC. No need to install policy.
-
In the table that appears, manually add new Indicators of Compromise by type.
IoC Type
Example
Domain checkpoint.comIP Address 192.168.1.1URL checkpoint.com/test.htmMD5 Hash 2eb040283b008eee17aa2988ece13152SHA1 Hash 510ce67048d3e7ec864471831925f12e79b4d70f -
Hover over the icon next to Type to view the capabilities required for each type.
-
URL, Domain and IP require Anti-Bot and URL Filtering capabilities.
-
SHA1 and MD5 Hashes require Threat Extraction and Threat Emulation capabilities.
-
- The user can also upload his own manually-created CSV list of indicators.
- To verify, on the endpoint, access the IoC (for example, a URL). The system blocks the access to the IoC.