Using SandBlast API from commandline

Document created by Thomas Werner (Employee) on Aug 20, 2018. Last modified by Thomas Werner (Employee) on Aug 20, 2018.
Version 2

Hi all,

 

I started writing a bash script to use TEAPI with a simple commandline syntax.

The attached bash script has the following pre-requisites (which can be installed on GAiA also):

 

Prerequisites to install
1) JQ
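      # Note: -k turns off TLS certificate verification, so this download is not authenticated.
      # Omit -k where a CA bundle is available, and verify the binary before installing it.
      curl -o /tmp/jq -k -L https://github.com/stedolan/jq/releases/download/jq-1.4/jq-linux-x86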

      mv /tmp/jq /usr/bin

      chmod +x /usr/bin/jq

 

Changes according to your environment

Within the beginning of the script:

 

1) Set TESERVER variable 

         e.g. TESERVER=127.0.0.1:18194 if you run the script directly on a TE appliance

2) Set TEIMAGES variable

         change the variable content to your available images

 

Usage of the script

# ./TEAPIcli.sh <filename> <action>

 

Where <action> can be:

1) query

         queries the API for a result of <filename>'s hash and returns the verdict if found

2) upload

         upload the file <filename>

3) report

         queries the API for available reports of <filename>'s hash. If reports are available, they will be downloaded to separate files called <filename sha1>_<reportid>.report.

         The files contain the XML data of the TE forensic report.

 

Have fun! Any comments and additions are highly appreciated.

 

 

Regards Thomas

 

PS - Disclaimer: This script has no official Check Point TAC support
