Check Point

Check Point Network Feed / Custom Intelligence Installation

Integrate KDC IOC data using Check Point External Network Feed or Custom Intelligence Feed methods.

IntegrationNetwork Feed / Custom Intelligence AccessEnvironment-specific feed format after approval

Controlled access

Apply to use KDC's secure feed infrastructure

KDC USOM Feed Service is available only to reviewed and approved organizations. After technical review and approval, the connection IP/FQDN, port, feed URLs, and vendor-specific values are delivered through a secure channel.

View the application process

1. Requirements

Before installation

Administrative accessSmartConsole/Smart-1 administrative access or gateway Expert mode permissions.

Source public IPThe actual public egress address used for feed access.

DNS and TLSThe KDC-provided FQDN and certificate chain must validate after approval.

Product eligibilityVerify R82 Network Feed or Custom Intelligence Feed support for the deployed release.

2. Integration method

Choose Network Feed or Custom Intelligence Feed

External Network Feed: Suitable for importing IP and domain objects from HTTP/HTTPS and using them in policy.
Custom Intelligence Feed: Suitable for URLs and broader IOC types in Threat Prevention.

The KDC approval document identifies the method appropriate for your environment and Check Point release.

3. Network Feed

Create the IP and domain feed object

Create a Network Feed object in SmartConsole and enter the feed URL, update interval, and authentication values from the KDC approval document.

Object	Content	Source
KDC-USOM-NETWORK	IP and/or domain	Check Point Network Feed URL from the KDC approval document

4. Custom Intelligence

Add the URL and advanced IOC feed

Create an External IOC Feed in Threat Prevention or use ioc_feeds commands in gateway CLI. Map the format according to the KDC-provided Check Point schema.

ioc_feeds show

5. Policy

Attach the feed to access or Threat Prevention policy

Use the Network Feed object in source or destination matches.
Attach the Custom Intelligence Feed to the related Threat Prevention profile and layer.
Start with logging and limited scope.

6. Verification

Check gateway access and feed state

Verify gateway access to the feed source.
Review last update and import state in SmartConsole.
Inspect ioc_feeds state and errors in CLI.
Validate log matches after policy installation.

7. Rollback

Remove references and reinstall policy

Remove the feed object from policy layers.
Install policy and review logs.
Delete or disable the unused feed object.

Vendor KB and official documentation

Check Point references

Before implementation, also review the official administration guide, release notes, and capacity limits for the deployed product version.

External Network FeedsHTTP/HTTPS sunucularından IP ve domain network feed kullanımı. Importing External Custom Intelligence Feeds in SmartConsoleSmartConsole üzerinden üçüncü taraf IOC feed tanımlama. Importing External Custom Intelligence Feeds in CLIioc_feeds komutlarıyla CLI yönetimi. IoC Feeds for Quantum SparkQuantum Spark cihazlarında IoC feed kavramı ve gözlemlenebilir türleri.

The KDC guide does not replace vendor documentation. Menu names, license requirements, and supported capabilities can vary by product version and model.