This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Yordan_Cvetkov
Explorer
‎2023-02-13 08:49 PM
Jump to solution

Extract the group members with mgmt_cli show access-rulebase

Hello Experts,

With the command below I am able to extract the members of the network groups in the source and the destination of the rule.

mgmt_cli show access-rulebase -d xxx.xxx.xxx.xxx offset 0 limit 1 name "Network" details-level "full" use-object-dictionary true show-hits true --format json

My problem is I see the members with their UIDs: 

"members" : [ "eac74afb-0f30-4406-8024-4e304094d9c9", "895aed67-7011-46a7-9d42-9e78797301ed", "5ad03019-82c4-4ffb-970d-d0fa3b78adde", "5f5c1f2b-d7de-44e4-aee0-679544b0f8a2", "1b60d48f-9e2c-47e2-80bf-18529eae86d5", "cc9bc8e6-cee6-41e0-a7f9-068d47974b26", "ce76b961-6a85-479e-809b-4807e91aba94" ],

 

Is it possible to get more details for the members like Name, Type, IP, Subnet, etc... ?

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2023-02-14 06:47 AM
Jump to solution

I believe what the UIDs translate to are in the output of the API call when you say object-dictionary true.
Even so, you may need to parse the individual "members" to get the full details you want.
You can see some discussion about this fact here: https://community.checkpoint.com/t5/API-CLI-Discussion/How-to-list-and-export-the-objects-member-fro... 

View solution in original post

0 Kudos
3 Replies
PhoneBoy
Admin
Admin
‎2023-02-14 06:47 AM
Jump to solution

I believe what the UIDs translate to are in the output of the API call when you say object-dictionary true.
Even so, you may need to parse the individual "members" to get the full details you want.
You can see some discussion about this fact here: https://community.checkpoint.com/t5/API-CLI-Discussion/How-to-list-and-export-the-objects-member-fro... 

0 Kudos
Yordan_Cvetkov
Explorer
‎2023-02-14 07:34 AM
In response to PhoneBoy
Jump to solution

Thank you @PhoneBoy  for your reply.

So there is no single command to produce all I need. 

0 Kudos
PhoneBoy
Admin
Admin
‎2023-02-14 11:07 AM
In response to Yordan_Cvetkov
Jump to solution

The closest thing you can do with a single command is to add show-as-ranges true to your command line argument.
This will convert the source, destination, and service to ranges (either IPs or ports).
Depending on your precise purpose, that might be exactly what you need.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top