This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
SriniKrish
Contributor
‎2022-03-31 05:34 PM

API for ThreatCloud

General Topics

Hi Guys,

I have some questions on ThreatCloud API,

1. Do we have  a public API that we can use to connect Threat Cloud ? The idea is to get Threat feeds into our local application/threat DB.

2. Is it possible to send data back into Threat cloud from our local threat application / DB ?

Or is ThreatCloud limited to only CP products ?

Thanks in advance!

Best regards

Srini

 

0 Kudos
3 Replies
Stuart_Green1
Employee
Employee
‎2022-04-01 04:21 AM

Hi Srini,

There is a Threat Cloud API offering that lets you send files to Threat Cloud via API calls without having to use a CP appliance. It doesn't give you a local copy of the feeds but we have customers integrating the TE API into web applications to scan files from customers for threats and to perform threat extraction too. It contributes to Threat Cloud by providing an unknown file to run through threat emulation and any malicious behaviours detected will generate signatures - but you can't upload your own IOCs. I believe you would need an appliance (physical or virtual) to be able to apply your own IOCs to scans.

0 Kudos
SriniKrish
Contributor
‎2022-04-05 09:44 PM
In response to Stuart_Green1

HI Stuart,

 

Thank you for your response,

Is the below link the one you are referring to ?

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_ThreatPrevention_AdminGuide/Topics...

 

Best regards

Srini

0 Kudos
Stuart_Green1
Employee
Employee
‎2022-04-06 01:47 AM
In response to SriniKrish

close, that's the API to use if you had a CP gateway to send the requests to. The TP API is actually linked in the guide though - https://sc1.checkpoint.com/documents/TPAPI/CP_1.0_ThreatPreventionAPI_APIRefGuide/html_frameset.htm

 

They're both quite similar to use but one goes directly to Threat Cloud instead of via a gateway.

0 Kudos