Get early access to our new Threat Prevention APIs

Yoav_Lasman · ‎2019-06-16

Take control of new Threat Prevention APIs powered by the largest Threat Cloud in the industry:

URL Reputation – for a domain/URL returns the classification and risk in accessing the resource

File Reputation – for a file digest (md5/sha1/sha256/sha512) returns the risk in downloading the file without the need to scan it

IP Reputation - for an IP address returns it’s classification and risk in accessing a resource hosted on it

Mail Security – upload an email for scanning against malware and phishing attacks, based on award winning Sandblast engines

All APIs are RESTful, simple to use and can be integrated as part of a SOAR application, home-made application and more!

If you’re a Check Point customer interested in participating in the early availability stage drop me a mail at yoav@checkpoint.com

Yoav_Lasman · ‎2020-01-06

Detailed API instructions including samples in Java/Python can now be found in our GitHub repository.

Check it out here - https://github.com/CheckPointSW/reputation-service-api

Martin_Raska · ‎2020-02-11

There is typo in the python code

rep_res = requests.post(f'https://rep.checkpoint.com/{service}-rep/service/v2.0/query?resource={resource}')

this f char is repeating in code and prevent from compilation. After fix those, its running.

Python v3.6

Click 7.0

Requests 2.22

Martin_Raska · ‎2020-02-12

no, still not working, we can run it without any command

root@cacti-virtual-machine:/home/cacti# reputation-api
Usage: reputation-api [OPTIONS]
Try "reputation-api --help" for help.

Error: Missing option "-s" / "--service". Choose from:
url,
file,
ip.

But with arguments
root@cacti-virtual-machine:/home/cacti# reputation-api -s url -r www.abc.com -ck XXYYZZ
api.utils.exceptions.StatusCodeException: Operation failed with status {self.status_code}

aviadl · ‎2020-03-03

Hi Martin,

The f is not a typo. It's a new way to format strings in python and the change introduce in python 3.6 (https://www.python.org/dev/peps/pep-0498/), so if you're running python 3.6, the code should work.

Once you removed only the f from your code without changing the strings formats, your code will not work as expected.

We'll update the code to support older versions of python 3.

Meanwhile, feel free to contact me and I'll be happy to assists you: aviadl@checkpoint.com

Martin_Raska · ‎2020-03-03

Hi Aviadl,
I dont know what exactly changed but right now I am able to compile your code with Python 3.6 and rep-api is working correctly.

root@cacti-virtual-machine:/home/cacti/REP_API_F# reputation-api -s url -r www.aaa.com -ck XXZZYY
www.aaa.com is Benign with risk 0/100

aviadl · ‎2020-03-03

That's great!

Blason_R · ‎2020-06-16

Hey,

May be I am passing wrong header - but can you help me fixing the typo with reputation-api?

curl -XGET -H Client-Key https://rep.checkpoint.com/rep-auth/service/v1.0/request

Plus on my Ubuntu 18.04 python3 getting below errors

Traceback (most recent call last):
File "/usr/local/bin/reputation-api", line 11, in <module>
load_entry_point('reputation-service-API-client==1.0.1', 'console_scripts', 'reputation-api')()
File "/usr/local/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 489, in load_entry_point
return get_distribution(dist).load_entry_point(group, name)
File "/usr/local/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 2852, in load_entry_point
return ep.load()
File "/usr/local/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 2443, in load
return self.resolve()
File "/usr/local/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 2449, in resolve
module = __import__(self.module_name, fromlist=['__name__'], level=0)
File "build/bdist.linux-x86_64/egg/api/__main__.py", line 7, in <module>
File "/usr/local/lib/python2.7/dist-packages/reputation_service_API_client-1.0.1-py2.7.egg/api/utils/exceptions.py", line 2
def __init__(self, status_code: int, *args: object) -> None:

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS

aviadl · ‎2020-06-16

Hi @Blason_R ,

For curl, please try this command:

curl -X GET 'https://rep.checkpoint.com/rep-auth/service/v1.0/request' -H 'Client-Key: <your client key>'

Replace <your client key> with your client key 🙂

As for the python error:

Can you write the full command you tried?
Can you make sure you actually running python 3? from the traceback I see that it's running from python 2.7 somehow.

Waiting for your updates,

Aviad

Blason_R · ‎2020-06-17

Yes I have python 2.7 installed as well along with Python 3.

Also, the main query is I am not able to generate Client-key using curl parameter. How do I generate the ck?

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS

aviadl · ‎2020-06-17

You can't generate Client-Key yourself.

Please contact TCAPI_SUPPORT@checkpoint.com to get a key

Blason_R · ‎2020-06-17

Oh - I misread probably then 🙂

So I need a ck and based on this I can generate the token which is valid for a week right?

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS

aviadl · ‎2020-06-17

Yes 😊

Are you a member of CheckMates?

Get early access to our new Threat Prevention APIs