Nüüül
Silver

IPS Update Monitoring

Hi,

I wrote a small script using the SDK from Check Point (GitHub - CheckPointSW/cp_mgmt_api_python_sdk: Check Point API Python Development Kit) for checking IPS updates with my monitoring server (Centreon, based on Nagios, more or less).

For the login, the SDK is used (I changed one option in the login part of mgmt_api.py: unsafe_auto_accept --> true; it should work with the default, false, too, but this was easier for me).

After successfully logging in, we parse the API output from show-ips-status and compare it with e.g. the current date or "update available".

After some calculating and comparing, the script gives output understandable for Nagios-based systems.

UNKNOWN = -1 - OK = 0 - WARNING = 1 - CRITICAL = 2

Good

Bad:

And there is a WARNING state for a 1 - 3 day delta from the IPS update.

The thresholds are freely configurable (on a daily basis).

What would be good is a possibility to get the current IPS database version from Check Point, so one could check the version against Check Point, not against what the management server found.

I started working on this with the question of Sven Glock (IPS Monitoring) in mind - maybe that kind of helps... and for my own of course.

To use it on a Nagios server you need:

Python installed (the script worked with 2.7 and 3.7)

In the plugin folder I created a separate "checkpoint" folder, containing the SDK and my script.

Feel free to have a look, I'm sure there is room for improvement...

Regards,

Daniel
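
The check logic described in this post, as an added example (it is not Daniel's script and not Check Point's code): it maps a parsed `show-ips-status` reply to a Nagios state. The reply field names and the millisecond `posix` timestamp are assumptions based on the Management API reference, the threshold mapping and the sample reply are constructed, and UNKNOWN uses exit code 3 as the Nagios plugin guidelines define it.

```python
import time

# Nagios plugin exit codes (the plugin guidelines use 3 for UNKNOWN).
OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3
LABELS = {OK: "OK", WARNING: "WARNING", CRITICAL: "CRITICAL", UNKNOWN: "UNKNOWN"}


def evaluate_ips_status(status, now=None, warn_days=1, crit_days=3):
    """Map a parsed show-ips-status reply to (exit_code, status_line)."""
    now = time.time() if now is None else now
    try:
        # Assumed: time objects carry "posix" in milliseconds.
        updated = status["last-updated"]["posix"] / 1000.0
        installed = status["installed-version"]
        pending = bool(status["update-available"])
    except (KeyError, TypeError):
        # A changed reply format must not be reported as OK.
        return UNKNOWN, "IPS UNKNOWN - unexpected show-ips-status reply"

    age_days = (now - updated) / 86400.0
    if age_days < 0:
        return UNKNOWN, "IPS UNKNOWN - last update lies in the future, check clocks"

    # Example mapping: staleness drives the state, and a pending
    # update is never reported better than WARNING.
    if age_days > crit_days:
        code = CRITICAL
    elif age_days >= warn_days or pending:
        code = WARNING
    else:
        code = OK

    line = "IPS %s - installed %s, last update %.1f days ago, update available: %s" % (
        LABELS[code], installed, age_days, "yes" if pending else "no")
    # Perfdata after the pipe lets Nagios/Centreon graph the age.
    return code, line + " | age_days=%.2f;%d;%d" % (age_days, warn_days, crit_days)


# Constructed sample reply, not captured from a real management server.
SAMPLE_NOW = 1700000000
SAMPLE_REPLY = {
    "installed-version": "635000001",
    "latest-version": "635000002",
    "update-available": True,
    "last-updated": {"posix": (SAMPLE_NOW - 2 * 86400) * 1000},
}

if __name__ == "__main__":
    import sys
    code, line = evaluate_ips_status(SAMPLE_REPLY, now=SAMPLE_NOW)
    print(line)
    sys.exit(code)
```

In a real plugin the dict would come from the SDK's API reply after login. Leaving `unsafe_auto_accept` at its default `False` means an unknown management server fingerprint is not accepted silently by the monitoring host.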

9 Replies

Re: IPS Update Monitoring

Great work! What is the benefit of using this over signing up for email alerts on IPS updates from Check Point?

Ryan

0 Kudos
Nüüül
Silver

Re: IPS Update Monitoring

Hi Ryan,

The email gives you the information that there is a new version.

The script checks the installed version and whether your appliance did find an updated version that e.g. is not yet applied.

Perfect would be a possibility for the monitoring server to fetch the most recent version number, to cover the case that the Check Point Management Server cannot connect to Check Point for any reason.

And you have this visible for monitoring systems like Nagios, which leads to a traffic-light view (red, yellow, green) - good for management.

Daniel

Re: IPS Update Monitoring

Hi, cool integration!

May I ask what your reasons are for not scheduling your Management Server to automatically run IPS updates and install them? R80.10 Gateways install IPS as part of the Threat Prevention policy, not Access Control, which means they're not susceptible to installing changes made in policy rules.

0 Kudos
Nüüül
Silver

Re: IPS Update Monitoring

Hi Tomer,

Here it is more because of "having an eye" on this. And e.g. being able to monitor and report that you have the most recent version installed, without letting others log into the SmartConsole.

And if it were possible to obtain the most recent version number from some kind of feed, this check would send alarms when there are new versions but management was not able to download them for any reason (DNS, a firewall in front of it - whatever).

I have customers (managed service) who want to see from time to time whether they are OK on that and other topics.

Daniel

Nüüül
Silver

Re: IPS Update Monitoring

FYI

With the upgrade to R80.20 the reply of the API changed, so I'll rewrite the script to be able to monitor R80.20 installations too.

Nüüül
Silver

Re: IPS Update Monitoring

Finally did it. Running with R80.30 too...

Basically had to update the calls for cpapi (SDK).

0 Kudos
Sven_Glock
Silver

Re: IPS Update Monitoring

Ohhh - what a nice post, Daniel! I found it accidentally today.

Thanks for sharing your script! 

Re: IPS Update Monitoring

brilliant

Re: IPS Update Monitoring

Nice Post Daniel, thanks