Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Contributor

Filtering on show-threat-protection endpoint

Jump to solution

Hi all, 

I'm trying to use 

POST https://<mgmt-server>:<port>/web_api/v1.1/show-threat-protections

and wondering if there's a way I can filter on industry-reference. I tried doing something like this with no avail...

Body: 
{
"details-level": "full",
"filter": "industry-reference:CVE-2007-4676"
}

I also tried filter as a parameter, but that didn't seem to work either. 

Is it possible to filter those results? 

1 Solution

Accepted Solutions
Admin
Admin

It looks like this was added only in R80.40.
Note, when you look at the public documentation here: https://sc1.checkpoint.com/documents/latest/APIs/index.html
It shows you the latest version of the Management API, which at this writing is R80.40 (API v1.6).
You can select older versions, such as v1.1, which corresponds to R80.10.
If you access https://your-management-ip/api_docs, you will always get the version that is specific to your installation.

The only way to get the new version of the API is to upgrade your management.

 

View solution in original post

6 Replies
Admin
Admin

You don't need to specify industry-reference, just specify the CVE number.
And yes, it should work exactly the same with the API, I just use the CLI because it's quicker to test. 

[Expert@Mgmt:0]# mgmt_cli -r true show threat-protections filter "CVE-2007-4676"
protections:
- uid: "8fb870f1-f93a-e748-9683-f153943522f9"
  name: "Apple QuickTime PICT Image Parsing Malformed Records"
  type: "threat-protection"
  domain:
    uid: "41e821a0-3720-11e3-aa6e-0800200c9fde"
    name: "SMC User"
    domain-type: "domain"
from: 1
to: 1
total: 1

Contributor

Does that work with the Web API? If so, do you have an example of the payload or params I need to send? 

Admin
Admin
If you can do it with mgmt_cli, it can be done with the Web API.
You just need to change your payload to:

{
"details-level": "full",
"filter": "CVE-2007-4676"
}
Contributor

I tried:

{
     "details-level": "full",
     "filter": "CVE-2007-4676"
}

But ended up with: 

{
  "code""generic_err_invalid_parameter_name",
  "message""Unrecognized parameter [filter]"
}

I'm on R80.10. Was filter added in a later release? 
0 Kudos
Reply
Admin
Admin

It looks like this was added only in R80.40.
Note, when you look at the public documentation here: https://sc1.checkpoint.com/documents/latest/APIs/index.html
It shows you the latest version of the Management API, which at this writing is R80.40 (API v1.6).
You can select older versions, such as v1.1, which corresponds to R80.10.
If you access https://your-management-ip/api_docs, you will always get the version that is specific to your installation.

The only way to get the new version of the API is to upgrade your management.

 

View solution in original post

Contributor

Got cha'. Thanks again for the help. Much appreciated!!!

0 Kudos
Reply