Using SandBlast API from commandline

Document created by Thomas Werner (Employee) on Aug 20, 2018. Last modified by Thomas Werner (Employee) on Aug 20, 2018.
Version 2

Hi all,


I started writing a bash script to use TEAPI with a simple commandline syntax.

The attached bash script has the following pre-requisites (which can be installed on GAiA also):


Prerequisites to install
1) JQ
      curl -o /tmp/jq -k -L

      mv /tmp/jq /usr/bin

      chmod +x /usr/bin/jq


Changes according to your environment

Within the beginning of the script:


1) Set TESERVER variable 

         e.g. TESERVER= if you run the script directly on a TE appliance

2) Set TEIMAGES variable

         change the variable content to your available images


Usage of the script

# ./ <filename> <action>


Where <action> can be:

1) query

         queries the API for a result of <filename>'s hash and returns the verdict if found

2) upload

         uploads the file <filename>

3) report

         queries the API for available reports of <filename>'s hash. If reports are available, they will be downloaded to separate files called <filename sha1>_<reportid>.report.

         The files contain the XML data of the TE forensic report.


Have fun! Any comments and additions are highly appreciated.



Regards Thomas


PS-Disclaimer: This script has no official Check Point TAC support.
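
The query and report steps described in the post, as an added sketch that is not the attached script: it hashes the file, builds a hash-query body, extracts a verdict with jq, and derives the `<filename sha1>_<reportid>.report` name while rejecting a server-supplied report id that could alter the output path. The function names, the `TEIMAGES` value, the JSON request and response shapes, and the allowed report-id characters are assumptions.

```bash
#!/bin/bash
# Added illustration, not the attached script. Function names are hypothetical.
# TEIMAGES is the variable the post names; its value is a constructed placeholder.
TEIMAGES='[{"id":"IMAGE-ID-PLACEHOLDER","revision":1}]'

# Constructed sample response (assumed shape), used to show verdict extraction.
SAMPLE_RESPONSE='{"response":[{"status":{"label":"FOUND"},"te":{"combined_verdict":"benign"}}]}'

# SHA-1 of a file. Reading via stdin keeps the file name out of sha1sum's output.
te_sha1() {
    [ -r "$1" ] || { echo "cannot read: $1" >&2; return 1; }
    sha1sum < "$1" | cut -d' ' -f1
}

# JSON body for a hash query (assumed request shape).
te_query_body() (
    sha=$(te_sha1 "$1") || exit 1
    printf '{"request":[{"sha1":"%s","features":["te"],"te":{"reports":["xml"],"images":%s}}]}\n' \
        "$sha" "$TEIMAGES"
)

# Report file name per the post: <filename sha1>_<reportid>.report.
# The report id comes from the server's response, so refuse anything that
# could change the target path (assumption: ids use only A-Z a-z 0-9 . _ -).
te_report_name() (
    sha=$(te_sha1 "$1") || exit 1
    case "$2" in
        ''|*[!A-Za-z0-9._-]*) echo "unsafe report id: $2" >&2; exit 1 ;;
    esac
    printf '%s_%s.report\n' "$sha" "$2"
)

# Verdict from a query response on stdin, or "not found" (needs jq).
te_verdict() {
    jq -r '.response[0].te.combined_verdict // "not found"'
}

# Demo when run with a file name: ./example.sh <filename>
if [ "$#" -ge 1 ]; then
    te_query_body "$1"
    te_report_name "$1" "REPORT-ID-PLACEHOLDER"
    printf '%s' "$SAMPLE_RESPONSE" | te_verdict
fi
```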
