https://community.checkpoint.com/t5/General-Topics/Threat-Emulation-Extend-SNMP-with-Shell-script-Faulty/m-p/205523#M34106 <P>What version/JHF?<BR />You might try debugging snmpd:&nbsp;<A href="https://support.checkpoint.com/results/sk/sk56783" target="_blank">https://support.checkpoint.com/results/sk/sk56783</A>&nbsp;</P> Thu, 08 Feb 2024 22:25:01 GMT PhoneBoy 2024-02-08T22:25:01Z https://community.checkpoint.com/t5/General-Topics/Threat-Emulation-Extend-SNMP-with-Shell-script-Faulty/m-p/205440#M34092 <P>Hi!<BR /><BR />I'm running an ON-prem security gateway that Is connected to a cloud Sandbox. I want to take out Threat Emulation statistics and send over to monitoring system.<BR /><BR />Followed along this guide,<BR /><A href="https://support.checkpoint.com/results/sk/sk114806" target="_blank">ATRG: Threat Emulation (checkpoint.com)</A><BR />"Follow the following action plan (for detailed instructions, refer to<BR /><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk90860#Advanced%20SNMP%20configuration%20-%20Extend%20SNMP" target="_blank" rel="noopener">sk90860 - How to configure SNMP on Gaia OS</A><SPAN>&nbsp;</SPAN>- section "(IV-6) Advanced SNMP configuration - Extend SNMP with shell script"</P><P><BR />The main goal is to monitor this OID,<BR />.1.3.6.1.4.1.2620.1.49.5.1</P><P>"TE Malware Detected"</P><P><BR /><BR />1. So I've enabled SNMP Agent in GAIA, version v3 only. Created a snmpuser with an authpriv, privacy protocol AES256 and authentication protocol SHA256.<BR /><BR /></P><P>2. Created a basic shell script that I put under under /home/admin/test.sh.<BR /># Extract amount of malicious code<BR />#!/bin/bash<BR />. /opt/CPshared/5.0/tmp/.CPprofile.sh<BR />cpstat threat-emulation -f malware_detected<BR /><BR /></P><P>3. Disable the SNMP agent<BR /><BR />4. Added this line under /etc/snmp/userDefinedSettings.conf<BR />"extend&nbsp;.1.3.6.1.4.1.2620.1.49.5.1 test /bin/sh /home/admin/test.sh"&nbsp;<BR /><BR />5. Re-Enabled the SNMP agent</P><P>6. Here comes the problem, I'm unable to test the OID. Tried with these commands, but It's not working.<BR /><BR />snmpwalk -v 2c -c test localhost .1.3.6.1.4.1.2620.1.49.5.1<BR /><STRONG>"Timeout: No Response from localhost"</STRONG><BR /><BR />snmpwalk -v 3 -c test localhost .1.3.6.1.4.1.2620.1.49.5.1<BR /><STRONG>"snmpwalk: Timeout"<BR /><BR /></STRONG><BR />Have anyone else experienced the same problem?&nbsp;</P> Thu, 08 Feb 2024 09:24:03 GMT https://community.checkpoint.com/t5/General-Topics/Threat-Emulation-Extend-SNMP-with-Shell-script-Faulty/m-p/205440#M34092 Forsaken_61 2024-02-08T09:24:03Z https://community.checkpoint.com/t5/General-Topics/Threat-Emulation-Extend-SNMP-with-Shell-script-Faulty/m-p/205523#M34106 <P>What version/JHF?<BR />You might try debugging snmpd:&nbsp;<A href="https://support.checkpoint.com/results/sk/sk56783" target="_blank">https://support.checkpoint.com/results/sk/sk56783</A>&nbsp;</P> Thu, 08 Feb 2024 22:25:01 GMT https://community.checkpoint.com/t5/General-Topics/Threat-Emulation-Extend-SNMP-with-Shell-script-Faulty/m-p/205523#M34106 PhoneBoy 2024-02-08T22:25:01Z https://community.checkpoint.com/t5/General-Topics/Threat-Emulation-Extend-SNMP-with-Shell-script-Faulty/m-p/205556#M34112 <P>I'm running on R81_20_JUMBO_HF_MAIN Take: 26</P> Fri, 09 Feb 2024 08:24:30 GMT https://community.checkpoint.com/t5/General-Topics/Threat-Emulation-Extend-SNMP-with-Shell-script-Faulty/m-p/205556#M34112 Forsaken_61 2024-02-09T08:24:30Z https://community.checkpoint.com/t5/General-Topics/Threat-Emulation-Extend-SNMP-with-Shell-script-Faulty/m-p/205632#M34128 <P>And have you debugged snmpd?<BR />There are some SNMP-related fixes in Take 43, but not sure they are relevant here.<BR />This is probably going to involve a TAC case: <A href="https://help.checkpoint.com" target="_blank">https://help.checkpoint.com</A>&nbsp;</P> Sat, 10 Feb 2024 01:33:24 GMT https://community.checkpoint.com/t5/General-Topics/Threat-Emulation-Extend-SNMP-with-Shell-script-Faulty/m-p/205632#M34128 PhoneBoy 2024-02-10T01:33:24Z