This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
SriniKrish
Collaborator
‎2022-03-31 05:34 PM

API for ThreatCloud

General Topics

Hi Guys,

I have some questions on ThreatCloud API,

1. Do we have  a public API that we can use to connect Threat Cloud ? The idea is to get Threat feeds into our local application/threat DB.

2. Is it possible to send data back into Threat cloud from our local threat application / DB ?

Or is ThreatCloud limited to only CP products ?

Thanks in advance!

Best regards

Srini

 

0 Kudos
3 Replies
StuartGreen
Employee
Employee
‎2022-04-01 04:21 AM

Hi Srini,

There is a Threat Cloud API offering that lets you send files to Threat Cloud via API calls without having to use a CP appliance. It doesn't give you a local copy of the feeds but we have customers integrating the TE API into web applications to scan files from customers for threats and to perform threat extraction too. It contributes to Threat Cloud by providing an unknown file to run through threat emulation and any malicious behaviours detected will generate signatures - but you can't upload your own IOCs. I believe you would need an appliance (physical or virtual) to be able to apply your own IOCs to scans.

0 Kudos
SriniKrish
Collaborator
‎2022-04-05 09:44 PM
In response to StuartGreen

HI Stuart,

 

Thank you for your response,

Is the below link the one you are referring to ?

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_ThreatPrevention_AdminGuide/Topics...

 

Best regards

Srini

0 Kudos
StuartGreen
Employee
Employee
‎2022-04-06 01:47 AM
In response to SriniKrish

close, that's the API to use if you had a CP gateway to send the requests to. The TP API is actually linked in the guide though - https://sc1.checkpoint.com/documents/TPAPI/CP_1.0_ThreatPreventionAPI_APIRefGuide/html_frameset.htm

 

They're both quite similar to use but one goes directly to Threat Cloud instead of via a gateway.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top