Howdy.
With JHF 111 for R80.30 we can now fetch pcaps associated with threat prevention alerts (IPS/AB/etc) via API!
Handy for SOCs and IR teams.
Basically:
1. Log Exporter was modified to send an Attachment ID.
2. That Attachment ID can be leveraged via the get-attachment API call to fetch the goods.
Wanted to share the attached python script (in .7z + screenshot) as an example.
Tim Otis - Check Point Incident Response Team
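As an added example, not the script attached to the post (the .7z is not reproduced on this page), here is a Python sketch of the two-step flow described above: pull the attachment ID out of the exported log line, then hand it to get-attachment on the Management API. What the page confirms is the login/session mechanics (POST to /web_api/login, then the X-chkp-sid header) and that get-attachment exists. Assumed, not from the page: the exported field is named log_attachment_uid in Log Exporter's generic key=value format, the get-attachment body is {"attachment-id": ...} and the reply is the raw file, the "domain" login parameter is how you reach the CMA that owns the logs on an MDS, and the sample log lines are constructed.

```python
"""Fetch the pcap attached to a Threat Prevention log via the Management API.

Added example, not the script from the original post.  Assumed (not stated on
the page): the exported field carrying the ID is log_attachment_uid, the
get-attachment body is {"attachment-id": ...} and it answers with the raw file
bytes, and on an MDS the "domain" login parameter selects the owning CMA.
"""
import json
import re
import ssl
import urllib.request
from pathlib import Path
from typing import Callable, Dict, List, Optional

# Constructed sample of exported log lines (syslog header + key=value body).
# The IPS and Anti-Bot lines carry an attachment; the Firewall accept does not.
SAMPLE_EXPORT = """\
<134>1 2021-01-12T10:01:02Z cpmgmt CheckPoint - - [time="1610445662" product="IPS" action="Detect" severity="High" src="10.1.2.3" dst="192.0.2.10" log_attachment_uid="A1B2C3D4-5E6F-7A8B-9C0D-E1F2A3B4C5D6"]
<134>1 2021-01-12T10:01:05Z cpmgmt CheckPoint - - [time="1610445665" product="Firewall" action="Accept" src="10.1.2.4" dst="192.0.2.11"]
<134>1 2021-01-12T10:01:09Z cpmgmt CheckPoint - - [time="1610445669" product="Anti-Bot" action="Prevent" severity="Critical" src="10.1.2.5" dst="198.51.100.7" log_attachment_uid="F6E5D4C3-B2A1-0F9E-8D7C-6B5A4F3E2D1C"]
"""

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')
# libpcap magic (both byte orders, usec and nsec variants) plus pcapng
PCAP_MAGICS = (b"\xd4\xc3\xb2\xa1", b"\xa1\xb2\xc3\xd4",
               b"\x4d\x3c\xb2\xa1", b"\xa1\xb2\x3c\x4d", b"\x0a\x0d\x0d\x0a")


def parse_kv_line(line: str) -> Dict[str, str]:
    """key="value" pairs of one exported log line."""
    return dict(FIELD_RE.findall(line))


def attachment_ids(export_text: str, field: str = "log_attachment_uid") -> List[Dict[str, str]]:
    """Every exported log that carries an attachment ID, with its product and time."""
    found = []
    for line in export_text.splitlines():
        rec = parse_kv_line(line)
        if rec.get(field):
            found.append({"id": rec[field], "product": rec.get("product", ""),
                          "time": rec.get("time", "")})
    return found


def looks_like_pcap(data: bytes) -> bool:
    """Reject anything that is not a capture (an API error comes back as JSON)."""
    return any(data.startswith(m) for m in PCAP_MAGICS)


class MgmtApi:
    """Minimal Management API client: login, one command, logout.
    `post` can be swapped for a stub in tests; the default uses urllib."""

    def __init__(self, base_url: str,
                 post: Optional[Callable[[str, Dict[str, str], bytes], bytes]] = None,
                 verify_tls: bool = True):
        self.base_url = base_url.rstrip("/") + "/web_api/"
        self.sid: Optional[str] = None
        self._post = post or self._urllib_post
        self._ctx = ssl.create_default_context()
        if not verify_tls:  # lab only: self-signed management certificate
            self._ctx.check_hostname = False
            self._ctx.verify_mode = ssl.CERT_NONE

    def _urllib_post(self, url: str, headers: Dict[str, str], body: bytes) -> bytes:
        req = urllib.request.Request(url, data=body, headers=headers, method="POST")
        with urllib.request.urlopen(req, context=self._ctx, timeout=60) as resp:
            return resp.read()

    def call(self, command: str, payload: dict) -> bytes:
        headers = {"Content-Type": "application/json"}
        if self.sid:
            headers["X-chkp-sid"] = self.sid  # session token returned by login
        return self._post(self.base_url + command, headers, json.dumps(payload).encode())

    def login(self, user: str, password: str, domain: Optional[str] = None) -> str:
        payload = {"user": user, "password": password}
        if domain:
            payload["domain"] = domain  # assumption: MDS login targets the CMA that owns the logs
        self.sid = json.loads(self.call("login", payload))["sid"]
        return self.sid

    def get_attachment(self, attachment_id: str) -> bytes:
        # assumption: parameter name and raw-bytes reply
        return self.call("get-attachment", {"attachment-id": attachment_id})

    def logout(self) -> None:
        self.call("logout", {})
        self.sid = None


def fetch_pcaps(api: MgmtApi, export_text: str, out_dir: Optional[str] = None) -> Dict[str, Optional[bytes]]:
    """Pull every attachment referenced in export_text; None marks a non-pcap reply."""
    results: Dict[str, Optional[bytes]] = {}
    for rec in attachment_ids(export_text):
        data = api.get_attachment(rec["id"])
        if not looks_like_pcap(data):
            results[rec["id"]] = None
            continue
        results[rec["id"]] = data
        if out_dir:
            # The ID came from a log line: sanitise it before it becomes a filename.
            safe = re.sub(r"[^A-Za-z0-9_.-]", "_", f"{rec['product']}_{rec['time']}_{rec['id']}")
            Path(out_dir, safe + ".pcap").write_bytes(data)
    return results
```

The magic-number check matters in practice: when the session has expired or the ID is wrong, the API answers with a JSON error body, and without the check that body would be written to disk as a `.pcap`. Keep `verify_tls=True` outside a lab and give the API user a read-only role, since the script only needs to read logs and attachments.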
Pretty neat. Thanks for sharing.
Nice!
Hi
I'm using a MDM-MLM setup.
If a pcap file must be fetched via an API, will the pcap request go to a particular CMA or a CLM?
/Norbert
Hello Tim, could you specify which version of Python it works with? Thank you
Hi @Tim_Otis ,
Thanks for sharing this script.
Could you confirm how I would get the "LOG_ATTACHMENT_UID"?
Believe it's in the log entry itself.