https://community.checkpoint.com/t5/Firewall-and-Security-Management/Automate-CloudGuard-to-check-and-upload-new-snort-rules-via-API/m-p/99501#M13192 <P>This is covered in the Threat Prevention Admin guide:&nbsp;<A href="https://sc1.checkpoint.com/documents/R80.40/WebAdminGuides/EN/CP_R80.40_ThreatPrevention_AdminGuide/Content/Topics-TPG/SNORT-Signature-Support.htm?Highlight=Snort" target="_blank">https://sc1.checkpoint.com/documents/R80.40/WebAdminGuides/EN/CP_R80.40_ThreatPrevention_AdminGuide/Content/Topics-TPG/SNORT-Signature-Support.htm?Highlight=Snort</A></P> <P>Note we do not support all snort signature attributes (refer to manual for precise limitations).<BR />For the signatures to take effect on the gateways, a Threat Prevention policy install will be required.</P> Mon, 19 Oct 2020 13:55:03 GMT PhoneBoy 2020-10-19T13:55:03Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Automate-CloudGuard-to-check-and-upload-new-snort-rules-via-API/m-p/99485#M13191 <P>Hi,<BR />I am looking for the documentation where I can be able to configure CloudGuard to have new snort rules uploaded via API. I have some TI snort rules every week and API to get new rules but I do not see any function in CloudGuard to have it automated to check, download and apply these rules from 3rd part. Thank you in advance.</P><P>Regards,<BR />Matt</P> Mon, 19 Oct 2020 11:04:45 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Automate-CloudGuard-to-check-and-upload-new-snort-rules-via-API/m-p/99485#M13191 mszastak 2020-10-19T11:04:45Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Automate-CloudGuard-to-check-and-upload-new-snort-rules-via-API/m-p/99501#M13192 <P>This is covered in the Threat Prevention Admin guide:&nbsp;<A href="https://sc1.checkpoint.com/documents/R80.40/WebAdminGuides/EN/CP_R80.40_ThreatPrevention_AdminGuide/Content/Topics-TPG/SNORT-Signature-Support.htm?Highlight=Snort" target="_blank">https://sc1.checkpoint.com/documents/R80.40/WebAdminGuides/EN/CP_R80.40_ThreatPrevention_AdminGuide/Content/Topics-TPG/SNORT-Signature-Support.htm?Highlight=Snort</A></P> <P>Note we do not support all snort signature attributes (refer to manual for precise limitations).<BR />For the signatures to take effect on the gateways, a Threat Prevention policy install will be required.</P> Mon, 19 Oct 2020 13:55:03 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Automate-CloudGuard-to-check-and-upload-new-snort-rules-via-API/m-p/99501#M13192 PhoneBoy 2020-10-19T13:55:03Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Automate-CloudGuard-to-check-and-upload-new-snort-rules-via-API/m-p/99686#M13193 <P>Thank you&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/7">@PhoneBoy</a>&nbsp; ! This should works I guess. One question more.</P><P>Adding a file with this text inside only should works or I need to convert it to a json?</P><P>rule.txt</P><P><SPAN>alert tcp any any -&gt; any any (msg:"Possible exploit"; content:"|90|";)</SPAN></P> Wed, 21 Oct 2020 09:05:10 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Automate-CloudGuard-to-check-and-upload-new-snort-rules-via-API/m-p/99686#M13193 mszastak 2020-10-21T09:05:10Z