This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
ChruNDC
Explorer
‎2022-01-28 06:33 AM

Import Indicator file CSV [R80.40] API (1.6]

Hello

I want to block a list of ip with the indicator function. For this I go to Theart Prevention -> Indicators -> Import file and the file is imported.

Every day I have to push a new file and delete the old one. So I would like to use checkpoint APIs to do this.

I manage to delete the file but I can't find how to import the file.

Can you help me ?

Thanks

 

0 Kudos
6 Replies
Art_Zalenekas
Employee
Employee
‎2022-01-28 10:14 AM

Why don't you run it on schedule and fetch the file automatically? Either local to the GW or remote.

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_ThreatPrevention_AdminGuide/Topics...


https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

0 Kudos
ChruNDC
Explorer
‎2022-02-01 05:02 AM
In response to Art_Zalenekas

I get a list of IPs to block every day. I already have a script in python that converts this list of ip to checkpoint format to import. The goal is to have a single script that will create the file, delete the old one and add the new one. And using the checkpoint APIs seems consistent to me.

I'm new to checkpoint so I don't know the features yet, but thanks for the feedback, I'll take a look.

0 Kudos
genisis__
Advisor
‎2022-02-01 01:18 PM
In response to ChruNDC

Look forward to the finished results.

pfilipe
Participant
‎2022-03-03 01:48 AM
In response to ChruNDC

Hello ChruNDC,

 

Could you provide the CSV file or the format?

I am trying to import a CSV through smart console but i keep getting the error "Indicator in row 1 has less fields than expected".

Already tried to use an example of checkpoint but still no success.

 

Thanks 

0 Kudos
Nir_Naaman
Employee
Employee
‎2022-03-05 12:20 PM
In response to ChruNDC

Have you considered using sk132193 Custom Intelligence Feeds? Instead of pushing policy from your management, you can configure your gateways to pull indicators from a feed. When the feed contents change, the gateway automatically stops blocking the old values and starts blocking the new. And, if you're looking for a managed facility, you could automate the input feed on Infinity NDR, and configure your gateways to pull from there.

Note that an R80.40 gateway will not match IP IOCs to source IP, only destination IP. R81 and higher block in both directions. This is true regardless of whether you're pushing policy or pulling from the gateway.

pfilipe
Participant
‎2022-03-08 09:28 AM
In response to Nir_Naaman

Hello nir_Naaman,

 

Yes i already consider but the customer what to be managed by the MGMT and Centralized.

 

0 Kudos