This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
jmcadams
Contributor
‎2020-03-20 07:24 AM
Jump to solution

Filtering on show-threat-protection endpoint

Hi all, 

I'm trying to use 

POST https://<mgmt-server>:<port>/web_api/v1.1/show-threat-protections

and wondering if there's a way I can filter on industry-reference. I tried doing something like this with no avail...

Body: 
{
"details-level": "full",
"filter": "industry-reference:CVE-2007-4676"
}

I also tried filter as a parameter, but that didn't seem to work either. 

Is it possible to filter those results? 

1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2020-03-24 12:15 PM
In response to jmcadams
Jump to solution

It looks like this was added only in R80.40.
Note, when you look at the public documentation here: https://sc1.checkpoint.com/documents/latest/APIs/index.html
It shows you the latest version of the Management API, which at this writing is R80.40 (API v1.6).
You can select older versions, such as v1.1, which corresponds to R80.10.
If you access https://your-management-ip/api_docs, you will always get the version that is specific to your installation.

The only way to get the new version of the API is to upgrade your management.

 

View solution in original post

6 Replies
PhoneBoy
Admin
Admin
‎2020-03-22 07:48 PM
Jump to solution

You don't need to specify industry-reference, just specify the CVE number.
And yes, it should work exactly the same with the API, I just use the CLI because it's quicker to test. 

[Expert@Mgmt:0]# mgmt_cli -r true show threat-protections filter "CVE-2007-4676"
protections:
- uid: "8fb870f1-f93a-e748-9683-f153943522f9"
  name: "Apple QuickTime PICT Image Parsing Malformed Records"
  type: "threat-protection"
  domain:
    uid: "41e821a0-3720-11e3-aa6e-0800200c9fde"
    name: "SMC User"
    domain-type: "domain"
from: 1
to: 1
total: 1

jmcadams
Contributor
‎2020-03-23 06:31 AM
In response to PhoneBoy
Jump to solution

Does that work with the Web API? If so, do you have an example of the payload or params I need to send? 

PhoneBoy
Admin
Admin
‎2020-03-23 02:01 PM
In response to jmcadams
Jump to solution

If you can do it with mgmt_cli, it can be done with the Web API.
You just need to change your payload to:

{
"details-level": "full",
"filter": "CVE-2007-4676"
}
jmcadams
Contributor
‎2020-03-24 09:52 AM
In response to PhoneBoy
Jump to solution

I tried:

{
     "details-level": "full",
     "filter": "CVE-2007-4676"
}

But ended up with: 

{
  "code""generic_err_invalid_parameter_name",
  "message""Unrecognized parameter [filter]"
}

I'm on R80.10. Was filter added in a later release? 
0 Kudos
PhoneBoy
Admin
Admin
‎2020-03-24 12:15 PM
In response to jmcadams
Jump to solution

It looks like this was added only in R80.40.
Note, when you look at the public documentation here: https://sc1.checkpoint.com/documents/latest/APIs/index.html
It shows you the latest version of the Management API, which at this writing is R80.40 (API v1.6).
You can select older versions, such as v1.1, which corresponds to R80.10.
If you access https://your-management-ip/api_docs, you will always get the version that is specific to your installation.

The only way to get the new version of the API is to upgrade your management.

 

jmcadams
Contributor
‎2020-03-24 12:18 PM
In response to PhoneBoy
Jump to solution

Got cha'. Thanks again for the help. Much appreciated!!!

0 Kudos