This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Nikolajs_Matjus
Participant
‎2018-05-02 03:28 AM

API logging and profiles

Hello ! 

Customer is concerned about API logging, generally they want to see logs from API requests/responses in TE blade log in SmartLog. Is that possible ?  If not, what is the way to get similar logging ? (Verdict, filename, malware, etc).

Another question is about NGTX profile - how to apply it to API requests ? 

Thanks in advance !

7 Replies
PhoneBoy
Admin
Admin
‎2018-05-02 02:25 PM

Are you querying against the API on a local Threat Emulation appliance or ThreatCloud? 

For a local Threat Emulation appliance, this information should log the same way as if a gateway generated the request.

See also: /var/log/huntress_api_logs 

For ThreatCloud, I'm not sure that's possible.

For your second question, I'm not sure I understand, can you clarify?

Nikolajs_Matjus
Participant
‎2018-05-02 11:16 PM
In response to PhoneBoy

We are quering local TE appliance.

Regarding second question - how do we define protection profile for API queries ?

Just like we do for protection scope in Threat Prevention tab, or differently ? 

0 Kudos
PhoneBoy
Admin
Admin
‎2018-05-02 11:24 PM
In response to Nikolajs_Matjus

Profiles do not apply to API calls.

It is up to the application calling the API to determine what to do with the result of the API call.

Nikolajs_Matjus
Participant
‎2018-05-02 11:59 PM
In response to PhoneBoy

Thank you for quick reply!

But then how do we define emulation environment for API calls ?

0 Kudos
PhoneBoy
Admin
Admin
‎2018-05-03 06:54 AM
In response to Nikolajs_Matjus

The images you wish to emulate against are specified in the API call.

0 Kudos
freedom_apps
Explorer
‎2018-05-18 06:13 AM

We are quering local TE appliance.

Regarding second question - how do we define protection profile for API queries ?

Just like we do for protection scope in Threat Prevention tab, or differently ?  Thanks for This MAmazing Forum.

0 Kudos
PhoneBoy
Admin
Admin
‎2018-05-18 10:25 AM
In response to freedom_apps

Threat Prevention profiles don't make sense when you're calling the API directly, which gives you the raw verdict on a given file.

The actual enforcement decision/logic lies elsewhere in this case.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events