This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
ChruNDC
Explorer
‎2022-01-28 06:33 AM

Import Indicator file CSV [R80.40] API (1.6]

Hello

I want to block a list of ip with the indicator function. For this I go to Theart Prevention -> Indicators -> Import file and the file is imported.

Every day I have to push a new file and delete the old one. So I would like to use checkpoint APIs to do this.

I manage to delete the file but I can't find how to import the file.

Can you help me ?

Thanks

 

0 Kudos
6 Replies
Art_Zalenekas
Employee
Employee
‎2022-01-28 10:14 AM

Why don't you run it on schedule and fetch the file automatically? Either local to the GW or remote.

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_ThreatPrevention_AdminGuide/Topics...


https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

0 Kudos
ChruNDC
Explorer
‎2022-02-01 05:02 AM
In response to Art_Zalenekas

I get a list of IPs to block every day. I already have a script in python that converts this list of ip to checkpoint format to import. The goal is to have a single script that will create the file, delete the old one and add the new one. And using the checkpoint APIs seems consistent to me.

I'm new to checkpoint so I don't know the features yet, but thanks for the feedback, I'll take a look.

0 Kudos
genisis__
Leader Leader
Leader
‎2022-02-01 01:18 PM
In response to ChruNDC

Look forward to the finished results.

pfilipe
Contributor
‎2022-03-03 01:48 AM
In response to ChruNDC

Hello ChruNDC,

 

Could you provide the CSV file or the format?

I am trying to import a CSV through smart console but i keep getting the error "Indicator in row 1 has less fields than expected".

Already tried to use an example of checkpoint but still no success.

 

Thanks 

0 Kudos
Nir_Naaman
Collaborator
‎2022-03-05 12:20 PM
In response to ChruNDC

Have you considered using sk132193 Custom Intelligence Feeds? Instead of pushing policy from your management, you can configure your gateways to pull indicators from a feed. When the feed contents change, the gateway automatically stops blocking the old values and starts blocking the new. And, if you're looking for a managed facility, you could automate the input feed on Infinity NDR, and configure your gateways to pull from there.

Note that an R80.40 gateway will not match IP IOCs to source IP, only destination IP. R81 and higher block in both directions. This is true regardless of whether you're pushing policy or pulling from the gateway.

pfilipe
Contributor
‎2022-03-08 09:28 AM
In response to Nir_Naaman

Hello nir_Naaman,

 

Yes i already consider but the customer what to be managed by the MGMT and Centralized.

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events