Using SandBlast API from commandline

Thomas_Werner — Mon, 20 Aug 2018 13:37:05 GMT

Hi all,

I started writing a bash script to use TEAPI with a simple commandline syntax.

The attached bash script has the following pre-requisites (which can be installed on GAiA also):

Prerequisites to install
1) JQ
curl -o /tmp/jq -k -L https://github.com/stedolan/jq/releases/download/jq-1.4/jq-linux-x86

mv /tmp/jq /usr/bin

chmod +x /usr/bin/jq

Changes according to your environment

Within the beginning of the script:

1) Set TESERVER variable

e.g. TESERVER=127.0.0.1:18194 if you run the script directly on a TE appliance

2) Set TEIMAGES variable

change the variable content to your available images

Usage of the script

# ./TEAPIcli.sh <filename> <action>

Where <action> can be:

1) query

queries the API for a result of <filename>´s hash and returns verdict if found

2) upload

upload the file <filename>

3) report

queries the API for available reports of <filename>´s hash. If reports are available they will be downloaded to separate files calles <filename sha1>_<reportid>.report.

The files contain the XML data of the TE forensic report.

Have fun ! Any comments and additions are highly appreciated.

Regards Thomas

PS-Disclaimer:This script has no official Check Point TAC support

Re: Using SandBlast API from commandline

HeikoAnkenbrand — Mon, 20 Aug 2018 14:41:12 GMT

Very nice! I will test it right now.

Without TAC support .

Regards,

Heiko

Re: Using SandBlast API from commandline

Thomas_Werner — Mon, 20 Aug 2018 16:09:27 GMT

I´ll support

Regards Thomas

topic Using SandBlast API from commandline in API / CLI Discussion

Using SandBlast API from commandline

Re: Using SandBlast API from commandline

Re: Using SandBlast API from commandline