This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Bob_Zimmerman
Authority
Authority
‎2021-01-31 12:31 PM

Application/Site category weirdness

While learning to ingest more object types, I noticed application-site objects reference their primary-category and additional-categories by name rather than by UUID. Is that intentional?

Everything else references other objects by UUID or even by whole object ('show host' includes whole objects for the host's tags). Even rule settings like the action and track reference objects by UUID, not just strings like "Accept" or "Log".

I'm on R80.40 jumbo 91, so API 1.6.1.

8 Replies
PhoneBoy
Admin
Admin
‎2021-01-31 01:23 PM

Good question for @Omer_Kleinstern

0 Kudos
Or_Soffer
Employee
Employee
‎2021-02-01 12:53 AM
In response to PhoneBoy

Hi @Bob_Zimmerman ,

Thanks for reaching us.
Indeed it's also possible to pass UUIDs in the application-site request in the categories fields.

Thanks,
Or

0 Kudos
Bob_Zimmerman
Authority
Authority
‎2021-02-01 07:20 AM
In response to Or_Soffer

For requests to make changes, sure. I'm talking about the data returned when I ask the API to show me objects:

[Expert@LabSC]# mgmt_cli -r true --format json show application-sites limit 1 details-level full
{
  "objects" : [ {
    "uid" : "00fa9e3c-36ef-0f65-e053-08241dc22da2",
    "name" : "#hashtags",
    "type" : "application-site",
    "domain" : {
      "uid" : "8bf4ac51-2df7-40e1-9bce-bedbedbedbed",
      "name" : "APPI Data",
      "domain-type" : "data domain"
    },
    "application-id" : 10075536,
    "primary-category" : "Twitter Clients",
    "description" : "Hashtags are a community-driven convention for adding additional context and metadata to your tweets. They're like tags on Flickr, only added inline to your post. You create a hashtag simply by prefixing a word with a hash symbol: #hashtag.",
    "risk" : "Very Low",
    "user-defined" : false,
    "additional-categories" : [ "Share links", "Twitter Clients", "Very Low Risk" ],
    "comments" : "",
    "color" : "black",
    "icon" : "@app/10075536_2",
    "tags" : [ ],
    "meta-info" : {
      "lock" : "unlocked",
      "validation-state" : "ok",
      "last-modify-time" : {
        "posix" : 1595724647102,
        "iso-8601" : "2020-07-26T00:50+0000"
      },
      "last-modifier" : "System",
      "creation-time" : {
        "posix" : 1595724647102,
        "iso-8601" : "2020-07-26T00:50+0000"
      },
      "creator" : "System"
    },
    "read-only" : false
  } ],
  "from" : 1,
  "to" : 1,
  "total" : 7345
}

The "primary category" field is a name rather than a UUID or object. The "additional-categories" field is a list of names rather than a list of UUIDs or objects.

The categories are available from the API as objects. Every other relationship between two objects I can think of is provided as UUIDs or objects. This is the only one I've seen provided as a name instead.

I'm pretty sure I can handle this when I am ingesting data from the API, but it seems inconsistent enough that I wanted to verify it is expected behavior first.

0 Kudos
Or_Soffer
Employee
Employee
‎2021-02-01 07:28 AM
In response to Bob_Zimmerman

I see, you are right, indeed it seems inconsistent with the rest of the API replies.
We will open a bug for this.
BTW for now you can use the API command "show application-site-category" to get the category object.

Thanks!

0 Kudos
Bob_Zimmerman
Authority
Authority
‎2021-02-01 10:47 AM
In response to Or_Soffer

Thanks for the confirmation!

Is there anything else you need from me? I can open a ticket through the TAC if that would help. I post here under a personal account, but I would have seen the problem in my day job sooner or later.

0 Kudos
PhoneBoy
Admin
Admin
‎2021-02-01 02:32 PM
In response to Bob_Zimmerman

I would open a TAC case to track if nothing else.

0 Kudos
Bob_Zimmerman
Authority
Authority
‎2022-01-04 07:31 AM

In case anybody runs into this thread in the future, I can confirm R81 jumbo 51 fixes this. It's the line labeled PRJ-27424, PRHF-17841. Now I can just use the "primary-category-id" and "additional-category-ids" fields.

0 Kudos
Bob_Zimmerman
Authority
Authority
‎2024-02-25 08:44 AM

While working on something else, I noticed I had two objects for some categories, and only one of them works when building a new application/site object. For example, these two UUIDs are both the category "Twitter Clients" in R81.20 jumbo 45:

  • 00fa9e44-4064-0f65-e053-08241dc22da2
  • 00fa9e44-4178-0f65-e053-08241dc22da2

The difference is in the second block of digits. The first one (4064) is referenced in the primary-category-id field. The second (4178) is referenced in the additional-categories-ids field. When you add a new application/site object, it accepts the 4178 UUID but rejects the 4064 UUID:

[Expert@TestSC:0]# cpinfo -y mgmt

This is Check Point CPinfo Build 914000239 for GAIA
[MGMT]
	HOTFIX_R81_20_JUMBO_HF_MAIN	Take:  45

[Expert@TestSC:0]# mgmt_cli -f json -r true login > session.txt

[Expert@TestSC:0]# appSite=$(mgmt_cli -f json -s session.txt show application-sites details-level full limit 1 | jq '.objects[]|.')

[Expert@TestSC:0]# echo $appSite | jq '{uuid:.uid,name:.name,primary:."primary-category-id",additional:."additional-categories-ids"}'
{
  "uuid": "00fa9e3c-36ef-0f65-e053-08241dc22da2",
  "name": "#hashtags",
  "primary": "00fa9e44-4064-0f65-e053-08241dc22da2",
  "additional": [
    "00fa9e44-4178-0f65-e053-08241dc22da2",
    "00fa9e44-4150-0f65-e053-08241dc22da2"
  ]
}

[Expert@TestSC:0]# mgmt_cli -f json -s session.txt show object uid $(echo $appSite | jq '."primary-category-id"') details-level full
{
  "object" : {
    "uid" : "00fa9e44-4064-0f65-e053-08241dc22da2",
    "name" : "Twitter Clients",
    "type" : "application-site-category",
    "domain" : {
      "uid" : "8bf4ac51-2df7-40e1-9bce-bedbedbedbed",
      "name" : "APPI Data",
      "domain-type" : "data domain"
    },
    "description" : "Products that are associated with the social networking service 'Twitter' and provide functional use of the sites API.",
    "user-defined" : false,
    "groups" : [ ],
    "comments" : "",
    "color" : "black",
    "icon" : "Objects/category",
    "tags" : [ ],
    "meta-info" : {
      "lock" : "unlocked",
      "validation-state" : "ok",
      "last-modify-time" : {
        "posix" : 1668642073408,
        "iso-8601" : "2022-11-16T23:41+0000"
      },
      "last-modifier" : "System",
      "creation-time" : {
        "posix" : 1668642073408,
        "iso-8601" : "2022-11-16T23:41+0000"
      },
      "creator" : "System"
    },
    "read-only" : true,
    "available-actions" : {
      "edit" : "false",
      "delete" : "false",
      "clone" : "false"
    }
  }
}

[Expert@TestSC:0]# mgmt_cli -f json -s session.txt show object uid $(echo $appSite | jq '."additional-categories-ids"[0]') details-level full
{
  "object" : {
    "uid" : "00fa9e44-4178-0f65-e053-08241dc22da2",
    "name" : "Twitter Clients",
    "type" : "application-site-category",
    "domain" : {
      "uid" : "8bf4ac51-2df7-40e1-9bce-bedbedbedbed",
      "name" : "APPI Data",
      "domain-type" : "data domain"
    },
    "description" : "Products that are associated with the social networking service 'Twitter' and provide functional use of the sites API.",
    "user-defined" : false,
    "groups" : [ ],
    "comments" : "",
    "color" : "black",
    "icon" : "Objects/category",
    "tags" : [ ],
    "meta-info" : {
      "lock" : "unlocked",
      "validation-state" : "ok",
      "last-modify-time" : {
        "posix" : 1668642073093,
        "iso-8601" : "2022-11-16T23:41+0000"
      },
      "last-modifier" : "System",
      "creation-time" : {
        "posix" : 1668642073093,
        "iso-8601" : "2022-11-16T23:41+0000"
      },
      "creator" : "System"
    },
    "read-only" : true,
    "available-actions" : {
      "edit" : "false",
      "delete" : "false",
      "clone" : "false"
    }
  }
}

[Expert@TestSC:0]# mgmt_cli -f json -s session.txt add application-site name TestSite primary-category $(echo $appSite | jq '."primary-category-id"') url-list.1 "x.com" url-list.2 "twitter.com"
{
  "code" : "err_validation_failed",
  "message" : "Validation failed with 1 blocking-error",
  "blocking-errors" : [ {
    "message" : "Field categoryRef references invalid objects"
  } ]
}

[Expert@TestSC:0]# mgmt_cli -f json -s session.txt add application-site name TestSite primary-category $(echo $appSite | jq '."additional-categories-ids"[0]') url-list.1 "x.com" url-list.2 "twitter.com"
{
  "uid" : "cc27d837-4e31-4b8c-aa17-3df798189688",
  "name" : "TestSite",
  "type" : "application-site",
  "domain" : {
    "uid" : "41e821a0-3720-11e3-aa6e-0800200c9fde",
    "name" : "SMC User",
    "domain-type" : "domain"
  },
  "application-id" : 1509514380,
  "primary-category" : "Twitter Clients",
  "primary-category-id" : "00fa9e44-4178-0f65-e053-08241dc22da2",
  "description" : "",
  "risk" : "Unknown",
  "user-defined" : true,
  "url-list" : [ "x.com", "twitter.com" ],
  "urls-defined-as-regular-expression" : false,
  "groups" : [ ],
  "comments" : "",
  "color" : "black",
  "icon" : "Objects/application",
  "tags" : [ ],
  "meta-info" : {
    "lock" : "unlocked",
    "validation-state" : "ok",
    "last-modify-time" : {
      "posix" : 1708877792459,
      "iso-8601" : "2024-02-25T16:16+0000"
    },
    "last-modifier" : "WEB_API",
    "creation-time" : {
      "posix" : 1708877792459,
      "iso-8601" : "2024-02-25T16:16+0000"
    },
    "creator" : "WEB_API"
  },
  "read-only" : true,
  "available-actions" : { }
}

Probably a bug, but seems relatively minor. For now, I'll just send the categories' names when building a new object.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events