What Changed
Critical fix for Check Point Cyberint IOC connector addressing complete data ingestion failure.
Security Impact (Visibility & Fidelity)
Complete Ingestion Failure: Deployments running v3.0.1 had zero IOC data ingested due to:
- Broken API Endpoint: Static placeholder prevented API calls from reaching Cyberint servers
- Malformed Schema: Duplicate schema nesting in table definition caused DCR creation failures
Data Blind Spot: Organizations using this connector for threat intelligence IOC enrichment had no Cyberint IOC data flowing to the iocsent_CL table since initial deployment — complete visibility loss for Cyberint threat indicators.
Connector Fixes
API Configuration: Fixed endpoint construction from placeholder to dynamic template using proper ARM template syntax for connecting to Cyberint IOC API endpoints.
Schema Structure: Removed duplicate schema wrapper in table definition enabling proper iocsent_CL table creation.
Post-fix, the connector now successfully ingests daily IOC feeds containing confidence scores, severity ratings, and threat activity descriptions.
Affected Files
Solutions/Check Point Cyberint IOC/Data Connectors/CyberintArgosIOCLogs_ccp/CyberintArgosIOCLogs_PollingConfig.json
Solutions/Check Point Cyberint IOC/Data Connectors/CyberintArgosIOCLogs_ccp/CyberintArgosIOCLogs_Table.json
(packaging artefacts: 3.0.2.zip, ReleaseNotes.md, mainTemplate.json)
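A pre-merge lint for the two defect classes described above, as an added example that is not part of this change or of the connector's own code. It flags a poller whose apiEndpoint is a static literal rather than an ARM template expression, and a table definition whose schema is wrapped twice. Assumptions: the endpoint sits at properties.request.apiEndpoint, the table schema at properties.schema, the duplicate nesting appears as a schema key inside schema, and the sample documents (host, parameter name tenantHost, column list) are constructed for illustration.

```python
import re

# An ARM template expression is a string wrapped in square brackets.
ARM_EXPR = re.compile(r"^\[.+\]$", re.S)

def lint_polling_config(doc):
    """Flag pollers whose request.apiEndpoint is absent or a static literal."""
    findings = []
    for i, poller in enumerate(doc if isinstance(doc, list) else [doc]):
        endpoint = poller.get("properties", {}).get("request", {}).get("apiEndpoint")
        if not isinstance(endpoint, str) or not endpoint.strip():
            findings.append(f"poller[{i}]: apiEndpoint missing")
        elif not ARM_EXPR.match(endpoint.strip()):
            findings.append(f"poller[{i}]: apiEndpoint is static, not an ARM expression: {endpoint!r}")
    return findings

def lint_table_definition(doc):
    """Flag tables whose properties.schema is absent, doubly wrapped, or empty."""
    findings = []
    for i, table in enumerate(doc if isinstance(doc, list) else [doc]):
        schema = table.get("properties", {}).get("schema")
        if not isinstance(schema, dict):
            findings.append(f"table[{i}]: properties.schema missing")
        elif "schema" in schema:
            findings.append(f"table[{i}]: nested duplicate schema wrapper")
        elif not schema.get("name") or not schema.get("columns"):
            findings.append(f"table[{i}]: schema has no name or columns")
    return findings

# Constructed samples (assumed shapes, hypothetical host and parameter name).
COLUMNS = [{"name": "TimeGenerated", "type": "datetime"}]
BROKEN_POLLER = {"properties": {"request": {"apiEndpoint": "https://placeholder.invalid/ioc"}}}
FIXED_POLLER = {"properties": {"request": {
    "apiEndpoint": "[concat('https://', parameters('tenantHost'), '/ioc')]"}}}
BROKEN_TABLE = {"properties": {"schema": {"schema": {"name": "iocsent_CL", "columns": COLUMNS}}}}
FIXED_TABLE = {"properties": {"schema": {"name": "iocsent_CL", "columns": COLUMNS}}}

if __name__ == "__main__":
    for label, findings in [
        ("broken poller", lint_polling_config(BROKEN_POLLER)),
        ("fixed poller", lint_polling_config(FIXED_POLLER)),
        ("broken table", lint_table_definition(BROKEN_TABLE)),
        ("fixed table", lint_table_definition(FIXED_TABLE)),
    ]:
        print(label, "->", findings or "ok")
```

Run against the parsed PollingConfig and Table JSON files in CI, a non-empty findings list is a reason to fail the build before a connector that cannot ingest is packaged.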