Hi all,
I'm trying to use
POST https://<mgmt-server>:<port>/web_api/v1.1/show-threat-protections
and wondering if there's a way I can filter on industry-reference. I tried doing something like this to no avail...
Body:
{
  "details-level": "full",
  "filter": "industry-reference:CVE-2007-4676"
}
I also tried filter as a parameter, but that didn't seem to work either.
Is it possible to filter those results?
You don't need to specify industry-reference, just specify the CVE number.
And yes, it should work exactly the same with the API, I just use the CLI because it's quicker to test.
[Expert@Mgmt:0]# mgmt_cli -r true show threat-protections filter "CVE-2007-4676"
protections:
- uid: "8fb870f1-f93a-e748-9683-f153943522f9"
  name: "Apple QuickTime PICT Image Parsing Malformed Records"
  type: "threat-protection"
  domain:
    uid: "41e821a0-3720-11e3-aa6e-0800200c9fde"
    name: "SMC User"
    domain-type: "domain"
from: 1
to: 1
total: 1
Does that work with the Web API? If so, do you have an example of the payload or params I need to send?
I tried:
{
  "details-level": "full",
  "filter": "CVE-2007-4676"
}
But ended up with:
It looks like this was added only in R80.40.
Note, when you look at the public documentation here: https://sc1.checkpoint.com/documents/latest/APIs/index.html
It shows you the latest version of the Management API, which at this writing is R80.40 (API v1.6).
You can select older versions, such as v1.1, which corresponds to R80.10.
If you access https://your-management-ip/api_docs, you will always get the version that is specific to your installation.
The only way to get the new version of the API is to upgrade your management.
Got cha'. Thanks again for the help. Much appreciated!!!
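Added example, not part of the thread and not Check Point code: a sketch of the version check discussed above, which sends `filter` only when the management server reports API v1.6 or later and otherwise pages through `show-threat-protections` and matches the CVE client-side. The function names are hypothetical; it assumes a session id from a prior `login` call, a `current-version` field in the `show-api-versions` response, and that full-detail protections carry `industry-reference` as a string or list of strings.

```python
import json
import urllib.request

def api_at_least(version, minimum="1.6"):
    """Compare dotted API versions numerically, so "1.10" ranks above "1.6"."""
    as_tuple = lambda v: tuple(int(part) for part in v.split("."))
    return as_tuple(version) >= as_tuple(minimum)

def make_call(base_url, sid):
    """Return call(command, payload) that POSTs JSON to <base_url>/web_api/<command>.
    The server certificate must be trusted by the local CA store."""
    def call(command, payload):
        req = urllib.request.Request(
            f"{base_url}/web_api/{command}",
            data=json.dumps(payload).encode(),
            headers={"Content-Type": "application/json", "X-chkp-sid": sid})
        with urllib.request.urlopen(req) as resp:
            return json.load(resp)
    return call

def find_protections(call, cve, page_size=50):
    """Return names of protections that reference `cve`.
    `call` is any callable(command, payload) -> dict, so this runs offline in tests."""
    version = call("show-api-versions", {})["current-version"]  # assumed field name
    server_side = api_at_least(version)
    body = {"details-level": "full", "limit": page_size}
    if server_side:
        body["filter"] = cve  # per the thread: the bare CVE number, no field prefix
    names, offset = [], 0
    while True:
        page = call("show-threat-protections", dict(body, offset=offset))
        protections = page.get("protections", [])
        for prot in protections:
            refs = prot.get("industry-reference") or []  # assumed shape: str or list
            refs = [refs] if isinstance(refs, str) else refs
            if server_side or cve in refs:
                names.append(prot["name"])
        # from/to/total are 1-based, so "to" doubles as the next offset
        if not protections or page.get("to", 0) >= page.get("total", 0):
            return names
        offset = page["to"]
```

Against a real server, pass `make_call("https://<mgmt-server>:<port>", sid)` as the `call` argument.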