This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Tomer_Sole
Mentor
Mentor
‎2018-04-09 09:37 AM

Did you know? Add Snort Protections with R80.10 API

1. Place the snort protections file on your Management server

2. Import it to your Security Management Server:

a. Login with valid Check Point admin credentials, so that the change will be audited by the relevant admin account.

mgmt_cli login user "[username]" password "[password]"

b. Import the protections file

mgmt_cli add threat-protections package-path "/path/to/community.rules" package-format "snort"

c. This command is asynchronous and returns a task ID. Track the progress of this task either with the "show task" command:

mgmt_cli show task task-id "2eec70e5-78a8-4bdb-9a76-cfb5601d0bcb"

(given 2eec70e5-78a8-4bdb-9a76-cfb5601d0bcb as the "task-id" value in the result of step b)

or with this utility Using a-synchronous commands (e.g. publish, install-policy and run-script) 

d. Publish your changes 

mgmt_cli publish

e. The "publish" command is also asynchronous, so you will need to track its progress similar to step c

f. Install Policy 

mgmt_cli install-policy policy-package "standard" access true threat-prevention true targets.1 "corporate-gateway"

g. The "install-policy" command is also asynchronous, so you will need to track its progress similar to step c

Now you can add your custom protections or connect between your feeds and the gateway automatically. Audit logs and SmartConsole UI reflect this change.

2 Replies
Eric_Ferland
Employee
Employee
‎2018-04-09 10:47 AM

Hi Tomer,

Can you elaborate on "connect between your feeds and the gateway automatically"? Example perhaps.

0 Kudos
Tomer_Sole
Mentor
Mentor
‎2018-04-09 11:08 PM
In response to Eric_Ferland

Hi, sorry for slacking at the end Smiley Happy 

Let's say you pay for subscription to some 3rd party domain www.ExclusiveProtectionRules.com/feed.csv which contains list of .snort files each with logics to detect IPS.

You can place on a remote host a script in Python or bash or something, that polls that URL every now and then, and when it detects that new entries were added, downloads the new .snort files, places them on the Management Server and remotely calls the Management API commands.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events