SriniKrish
Contributor

API for ThreatCloud

General Topics

Hi Guys,

I have some questions on the ThreatCloud API:

1. Do we have a public API that we can use to connect to ThreatCloud? The idea is to get threat feeds into our local application/threat DB.

2. Is it possible to send data back into ThreatCloud from our local threat application/DB?

Or is ThreatCloud limited to only CP products?

Thanks in advance!

Best regards

Srini

0 Kudos
3 Replies
Stuart_Green1
Employee

Hi Srini,

There is a Threat Cloud API offering that lets you send files to Threat Cloud via API calls without having to use a CP appliance. It doesn't give you a local copy of the feeds but we have customers integrating the TE API into web applications to scan files from customers for threats and to perform threat extraction too. It contributes to Threat Cloud by providing an unknown file to run through threat emulation and any malicious behaviours detected will generate signatures - but you can't upload your own IOCs. I believe you would need an appliance (physical or virtual) to be able to apply your own IOCs to scans.

0 Kudos
SriniKrish
Contributor

Hi Stuart,

Thank you for your response,

Is the below link the one you are referring to?

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_ThreatPrevention_AdminGuide/Topics...

Best regards

Srini

0 Kudos
Stuart_Green1
Employee

Close, that's the API to use if you had a CP gateway to send the requests to. The TP API is actually linked in the guide though - https://sc1.checkpoint.com/documents/TPAPI/CP_1.0_ThreatPreventionAPI_APIRefGuide/html_frameset.htm

They're both quite similar to use but one goes directly to Threat Cloud instead of via a gateway.

0 Kudos