Skip to main content
Update an existing Threat IOC (Indicator of Compromise) feed with new information.
External DocumentationTo learn more, visit the Check Point Management documentation.

Parameters

ParameterDescription
ActionThe new action to take when the IOC is matched.
Feed URLThe new URL for the Threat IOC feed.
IOC FeedThe unique identifier (UID) or name of the Threat IOC feed to update.
New NameThe new name for the Threat IOC feed.

Example Output

{
	"uid": "f16bf59e-321d-422a-b9c4-99ae07a67804",
	"name": "example-updated",
	"type": "threat-ioc-feed",
	"domain": {
		"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde",
		"name": "SMC User",
		"domain-type": "domain"
	},
	"v": "domain",
	"feed-type": "domain",
	"feed-url": "https://example.com/feed.xml",
	"use-gateway-proxy": true,
	"use-custom-feed-settings": false,
	"action": "Prevent",
	"enabled": true,
	"custom-headers": [],
	"comments": "",
	"color": "black",
	"icon": "ThreatPrevention/FileGlobe",
	"tags": [],
	"meta-info": {
		"lock": "unlocked",
		"validation-state": "ok",
		"last-modify-time": {
			"posix": 1687873017010,
			"iso-8601": "2023-06-27T16:36+0300"
		},
		"last-modifier": "admin",
		"creation-time": {
			"posix": 1687872974795,
			"iso-8601": "2023-06-27T16:36+0300"
		},
		"creator": "admin"
	},
	"read-only": true,
	"available-actions": {}
}

Workflow Library Example

Update Threat Ioc Feed with Check Point Management and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop