Inventory MDS for log4j configuration

Douglas_Rich — Tue, 14 Dec 2021 18:27:58 GMT

Hey guys. I'm looking to write a script to identify each firewall managed by and mds for the following information:

CMA Name, Firewall Name, Is IPS in Detect Mode true/false, Assigned IPS Profile, Profile Setting for log4J

CMA Name, Firewall Name are easy, done, no issues

I found how to grab the log4j setting:

mgmt_cli -r true show threat-protection name "Apache Log4j Remote Code Execution (CVE-2021-44228)" --domain x.x.x.x show-profiles true

and If IPS is enabled or not:

mgmt_cli -r true show simple-gateway name "fw name" --domain x.x.x.x | grep ips
ips: true

The parts I need help with are finding;

1. for each GW object is IPS set to "Detect Only" or not

2. What is the assigned IPS profile for a specific GW.

If anyone has any clues they can drops that would be fantastic.

Re: Inventory MDS for log4j configuration

PhoneBoy — Thu, 16 Dec 2021 23:58:50 GMT

I believe you need to use ips stat on the command line of the gateway to see precisely what profile is in use.
See: https://community.checkpoint.com/t5/Threat-Prevention/Command-IPS-for-showing-profile-used/m-p/136272#M3460

I have a feeling the "detect only" setting is a setting that would only be findable with a generic object and it certainly wouldn't work in the VSX case.

topic Re: Inventory MDS for log4j configuration in API / CLI Discussion

Inventory MDS for log4j configuration

Re: Inventory MDS for log4j configuration