topic Re: Get early access to our new Threat Prevention APIs in API / CLI Discussion

Get early access to our new Threat Prevention APIs

Yoav_Lasman — Sun, 16 Jun 2019 12:11:53 GMT

Take control of new Threat Prevention APIs powered by the largest Threat Cloud in the industry:

URL Reputation – for a domain/URL returns the classification and risk in accessing the resource

File Reputation – for a file digest (md5/sha1/sha256/sha512) returns the risk in downloading the file without the need to scan it

IP Reputation - for an IP address returns it’s classification and risk in accessing a resource hosted on it

Mail Security – upload an email for scanning against malware and phishing attacks, based on award winning Sandblast engines

All APIs are RESTful, simple to use and can be integrated as part of a SOAR application, home-made application and more!

If you’re a Check Point customer interested in participating in the early availability stage drop me a mail at yoav@checkpoint.com

Re: Get early access to our new Threat Prevention APIs

Yoav_Lasman — Tue, 07 Jan 2020 07:56:52 GMT

Detailed API instructions including samples in Java/Python can now be found in our GitHub repository.

Check it out here - https://github.com/CheckPointSW/reputation-service-api

Re: Get early access to our new Threat Prevention APIs

Martin_Raska — Tue, 11 Feb 2020 12:43:08 GMT

There is typo in the python code

rep_res = requests.post(f'https://rep.checkpoint.com/{service}-rep/service/v2.0/query?resource={resource}')

this f char is repeating in code and prevent from compilation. After fix those, its running.

Python v3.6

Click 7.0

Requests 2.22

Re: Get early access to our new Threat Prevention APIs

Martin_Raska — Wed, 12 Feb 2020 12:49:20 GMT

no, still not working, we can run it without any command

root@cacti-virtual-machine:/home/cacti# reputation-api
Usage: reputation-api [OPTIONS]
Try "reputation-api --help" for help.

Error: Missing option "-s" / "--service". Choose from:
url,
file,
ip.

But with arguments
root@cacti-virtual-machine:/home/cacti# reputation-api -s url -r www.abc.com -ck XXYYZZ
api.utils.exceptions.StatusCodeException: Operation failed with status {self.status_code}

Re: Get early access to our new Threat Prevention APIs

aviadl — Tue, 03 Mar 2020 08:02:39 GMT

Hi Martin,

The f is not a typo. It's a new way to format strings in python and the change introduce in python 3.6 (https://www.python.org/dev/peps/pep-0498/), so if you're running python 3.6, the code should work.

Once you removed only the f from your code without changing the strings formats, your code will not work as expected.

We'll update the code to support older versions of python 3.

Meanwhile, feel free to contact me and I'll be happy to assists you: aviadl@checkpoint.com

Re: Get early access to our new Threat Prevention APIs

Martin_Raska — Tue, 03 Mar 2020 13:41:32 GMT

Hi Aviadl,
I dont know what exactly changed but right now I am able to compile your code with Python 3.6 and rep-api is working correctly.

root@cacti-virtual-machine:/home/cacti/REP_API_F# reputation-api -s url -r www.aaa.com -ck XXZZYY
www.aaa.com is Benign with risk 0/100

Re: Get early access to our new Threat Prevention APIs

aviadl — Tue, 03 Mar 2020 13:43:29 GMT

That's great!

Re: Get early access to our new Threat Prevention APIs

Blason_R — Tue, 16 Jun 2020 08:06:25 GMT

Hey,

May be I am passing wrong header - but can you help me fixing the typo with reputation-api?

curl -XGET -H Client-Key https://rep.checkpoint.com/rep-auth/service/v1.0/request

Plus on my Ubuntu 18.04 python3 getting below errors

Traceback (most recent call last):
File "/usr/local/bin/reputation-api", line 11, in <module>
load_entry_point('reputation-service-API-client==1.0.1', 'console_scripts', 'reputation-api')()
File "/usr/local/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 489, in load_entry_point
return get_distribution(dist).load_entry_point(group, name)
File "/usr/local/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 2852, in load_entry_point
return ep.load()
File "/usr/local/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 2443, in load
return self.resolve()
File "/usr/local/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 2449, in resolve
module = __import__(self.module_name, fromlist=['__name__'], level=0)
File "build/bdist.linux-x86_64/egg/api/__main__.py", line 7, in <module>
File "/usr/local/lib/python2.7/dist-packages/reputation_service_API_client-1.0.1-py2.7.egg/api/utils/exceptions.py", line 2
def __init__(self, status_code: int, *args: object) -> None:

Re: Get early access to our new Threat Prevention APIs

aviadl — Wed, 17 Jun 2020 06:43:25 GMT

Hi @Blason_R ,

For curl, please try this command:

curl -X GET 'https://rep.checkpoint.com/rep-auth/service/v1.0/request' -H 'Client-Key: <your client key>'

Replace <your client key> with your client key 🙂

As for the python error:

Can you write the full command you tried?
Can you make sure you actually running python 3? from the traceback I see that it's running from python 2.7 somehow.

Waiting for your updates,

Aviad

Re: Get early access to our new Threat Prevention APIs

Blason_R — Wed, 17 Jun 2020 07:20:47 GMT

Yes I have python 2.7 installed as well along with Python 3.

Also, the main query is I am not able to generate Client-key using curl parameter. How do I generate the ck?

Re: Get early access to our new Threat Prevention APIs

aviadl — Wed, 02 Feb 2022 14:44:58 GMT

You can't generate Client-Key yourself.

Please contact TCAPI_SUPPORT@checkpoint.com to get a key

Re: Get early access to our new Threat Prevention APIs

Blason_R — Wed, 17 Jun 2020 07:47:18 GMT

Oh - I misread probably then 🙂

So I need a ck and based on this I can generate the token which is valid for a week right?

Re: Get early access to our new Threat Prevention APIs

aviadl — Wed, 17 Jun 2020 07:49:38 GMT

Yes 😊