Thomas_Werner
Employee Alumnus

Using SandBlast API from commandline

Hi all,

I started writing a bash script to use TEAPI with a simple commandline syntax.

The attached bash script has the following pre-requisites (which can be installed on GAiA also):

Prerequisites to install
1) JQ
      curl -o /tmp/jq -k -L https://github.com/stedolan/jq/releases/download/jq-1.4/jq-linux-x86

      mv /tmp/jq /usr/bin

      chmod +x /usr/bin/jq

Changes according to your environment

Within the beginning of the script:

1) Set TESERVER variable 

         e.g. TESERVER=127.0.0.1:18194 if you run the script directly on a TE appliance

2) Set TEIMAGES variable

         change the variable content to your available images

Usage of the script

# ./TEAPIcli.sh <filename> <action>

Where <action> can be:

1) query

         queries the API for a result of <filename>'s hash and returns verdict if found

2) upload

         upload the file <filename>

3) report

         queries the API for available reports of <filename>'s hash. If reports are available they will be downloaded to separate files called <filename sha1>_<reportid>.report.

         The files contain the XML data of the TE forensic report.

Have fun! Any comments and additions are highly appreciated.

Regards Thomas

PS-Disclaimer: This script has no official Check Point TAC support
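
The `query` action described in the post above, as an added example that is not the attached TEAPIcli.sh and not Check Point code: it hashes the file, builds the request with jq, and reads the verdict out of a response. The JSON field names, status labels and endpoint path are assumptions not stated in the post, `TE_CA` is a hypothetical variable, and the sample responses are constructed.

```shell
#!/bin/sh
# Added example: the "query" action, offline. Not the attached TEAPIcli.sh.
# ASSUMED (not in the post): JSON field names, status labels, endpoint path.

# SHA-1 of the file: the lookup key the post's "query" action uses.
file_sha1() {
  sha1sum -- "$1" | cut -d' ' -f1
}

# Build the request body. jq --arg JSON-escapes both values, so an odd
# file name cannot break out of the string.
build_query() {   # $1 = sha1 hex, $2 = file name
  jq -cn --arg sha1 "$1" --arg name "$2" \
    '{request: [{sha1: $sha1, file_name: $name, features: ["te"],
                 te: {reports: ["xml"]}}]}'
}

# Print "<status label> <verdict>".
# Exit 0: verdict present; 1: no verdict yet; 2: empty or unparsable response.
parse_verdict() {   # $1 = response JSON
  out=$(printf '%s' "$1" | jq -r '.response[0]
        | (.status.label // "UNKNOWN") + " " + (.te.combined_verdict // "none")') || return 2
  [ -n "$out" ] || return 2
  printf '%s\n' "$out"
  case $out in *" none") return 1 ;; esac
}

# Constructed sample responses (not captured from a real appliance).
SAMPLE_FOUND='{"response":[{"status":{"label":"FOUND"},"te":{"combined_verdict":"malicious"}}]}'
SAMPLE_MISS='{"response":[{"status":{"label":"NOT_FOUND"}}]}'

# Live call, not run here. TE_CA is a hypothetical path to the appliance's CA
# certificate; --cacert keeps TLS verification on instead of using -k:
#   curl -sS --cacert "$TE_CA" -H 'Content-Type: application/json' \
#        -d "$(build_query "$(file_sha1 "$f")" "$f")" \
#        "https://$TESERVER/tecloud/api/v1/file/query"

if command -v jq >/dev/null 2>&1; then
  parse_verdict "$SAMPLE_FOUND"
  parse_verdict "$SAMPLE_MISS" || echo "no verdict: run the upload action"
fi
```

The exit status of `parse_verdict` lets a wrapper decide between reporting a verdict and falling back to the `upload` action.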

2 Replies
HeikoAnkenbrand
Champion

Very nice! I will test it right now.

Without TAC support :)

Regards,

Heiko

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
Thomas_Werner
Employee Alumnus

I'll support :)

Regards Thomas
