Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
jmcadams
Contributor
Jump to solution

Filtering on show-threat-protection endpoint

Hi all, 

I'm trying to use 

POST https://<mgmt-server>:<port>/web_api/v1.1/show-threat-protections

and wondering if there's a way I can filter on industry-reference. I tried doing something like this with no avail...

Body: 
{
"details-level": "full",
"filter": "industry-reference:CVE-2007-4676"
}

I also tried filter as a parameter, but that didn't seem to work either. 

Is it possible to filter those results? 

1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin

It looks like this was added only in R80.40.
Note, when you look at the public documentation here: https://sc1.checkpoint.com/documents/latest/APIs/index.html
It shows you the latest version of the Management API, which at this writing is R80.40 (API v1.6).
You can select older versions, such as v1.1, which corresponds to R80.10.
If you access https://your-management-ip/api_docs, you will always get the version that is specific to your installation.

The only way to get the new version of the API is to upgrade your management.

 

View solution in original post

11 Replies
PhoneBoy
Admin
Admin

You don't need to specify industry-reference, just specify the CVE number.
And yes, it should work exactly the same with the API, I just use the CLI because it's quicker to test. 

[Expert@Mgmt:0]# mgmt_cli -r true show threat-protections filter "CVE-2007-4676"
protections:
- uid: "8fb870f1-f93a-e748-9683-f153943522f9"
  name: "Apple QuickTime PICT Image Parsing Malformed Records"
  type: "threat-protection"
  domain:
    uid: "41e821a0-3720-11e3-aa6e-0800200c9fde"
    name: "SMC User"
    domain-type: "domain"
from: 1
to: 1
total: 1

jmcadams
Contributor

Does that work with the Web API? If so, do you have an example of the payload or params I need to send? 

PhoneBoy
Admin
Admin
If you can do it with mgmt_cli, it can be done with the Web API.
You just need to change your payload to:

{
"details-level": "full",
"filter": "CVE-2007-4676"
}
jmcadams
Contributor

I tried:

{
     "details-level": "full",
     "filter": "CVE-2007-4676"
}

But ended up with: 

{
  "code""generic_err_invalid_parameter_name",
  "message""Unrecognized parameter [filter]"
}

I'm on R80.10. Was filter added in a later release? 
0 Kudos
PhoneBoy
Admin
Admin

It looks like this was added only in R80.40.
Note, when you look at the public documentation here: https://sc1.checkpoint.com/documents/latest/APIs/index.html
It shows you the latest version of the Management API, which at this writing is R80.40 (API v1.6).
You can select older versions, such as v1.1, which corresponds to R80.10.
If you access https://your-management-ip/api_docs, you will always get the version that is specific to your installation.

The only way to get the new version of the API is to upgrade your management.

 

jmcadams
Contributor

Got cha'. Thanks again for the help. Much appreciated!!!

0 Kudos
pdn
Participant

@PhoneBoy  I have v1.8, and still got the "message": "Unrecognized parameter [filter]" error message, with show-tasks.  

 

Can you please shred some light?

 

Thank you.

 

 

show-tasks-filter.jpg

 

show-tasks-filter-2 (1).jpg

0 Kudos
PhoneBoy
Admin
Admin

Because this API call is not structured correctly.
The JSON should look something like:

{
  "details-level" : "full",
  "filter" : "MyFilterString"
}
0 Kudos
pdn
Participant

I actually tried many combinations, using the examples from the Checkpoint collections that I got from this forum.  No luck.  Looking like 'filter' isn't actually supported.  So documentation bug?

 

show-tasks-filter-3 (1).jpg

0 Kudos
PhoneBoy
Admin
Admin

Paging @Omer_Kleinstern 
The "filter" option doesn't show in the v1.9 documentation for the same endpoint.
Further, attempts to perform a similar query on an R81.20 system give similar results.
Which suggests this is probably not supported and a documentation bug. 

0 Kudos
pdn
Participant

Thanks @PhoneBoy  for confirming.  It would be nice to have it.  For now, I got my code working which gives a similar result.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events