Douglas_Rich
Contributor

Inventory MDS for log4j configuration

Hey guys. I'm looking to write a script to identify each firewall managed by an MDS for the following information:

CMA Name, Firewall Name, Is IPS in Detect Mode true/false, Assigned IPS Profile, Profile Setting for log4J

CMA Name, Firewall Name are easy, done, no issues

I found how to grab the log4j setting:

mgmt_cli -r true show threat-protection name "Apache Log4j Remote Code Execution (CVE-2021-44228)" --domain x.x.x.x show-profiles true

and if IPS is enabled or not:

mgmt_cli -r true show simple-gateway name "fw name" --domain x.x.x.x | grep ips
ips: true

The parts I need help with are finding:

1. for each GW object is IPS set to "Detect Only" or not

2. What is the assigned IPS profile for a specific GW. 

If anyone has any clues they can drop that would be fantastic.


0 Kudos
1 Reply
PhoneBoy
Admin

I believe you need to use ips stat on the command line of the gateway to see precisely what profile is in use.
See: https://community.checkpoint.com/t5/Threat-Prevention/Command-IPS-for-showing-profile-used/m-p/13627...

I have a feeling the "detect only" setting is a setting that would only be findable with a generic object and it certainly wouldn't work in the VSX case.

0 Kudos
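
The two mgmt_cli calls from the question, looped over every domain and gateway on the MDS, as an added example that is not part of the original thread. It reports only whether the IPS blade is enabled and the log4j action per profile; which profile a gateway actually uses and the "detect only" setting are not covered, per the reply above. Assumptions: `show domains`, `show simple-gateways` and `--format json` are available on the MDS, fewer than 500 objects per call (no paging), and the reply fields `objects`, `profiles`, `final`/`default` and `action` are laid out as the comments state.

```python
import csv
import json
import subprocess
import sys

# Protection name exactly as quoted in the post above.
LOG4J = "Apache Log4j Remote Code Execution (CVE-2021-44228)"


def mgmt_cli(args, domain=None):
    """Run mgmt_cli as root on the MDS and return its JSON output as a dict."""
    cmd = ["mgmt_cli", "-r", "true", *args, "--format", "json"]
    if domain:
        cmd += ["--domain", domain]
    out = subprocess.run(cmd, check=True, capture_output=True, text=True).stdout
    return json.loads(out)


def inventory(run=mgmt_cli):
    """Return one row per (CMA, gateway, IPS profile) with the log4j action."""
    rows = []
    for dom in run(["show", "domains", "limit", "500"])["objects"]:
        cma = dom["name"]
        # The per-profile action is a domain-wide setting: fetch it once per CMA.
        prot = run(["show", "threat-protection", "name", LOG4J,
                    "show-profiles", "true"], cma)
        # Assumed reply layout: profiles[].final.action, else profiles[].default.action
        actions = {p["name"]: (p.get("final") or p.get("default") or {}).get("action", "unknown")
                   for p in prot.get("profiles", [])}
        for gw in run(["show", "simple-gateways", "limit", "500"], cma)["objects"]:
            detail = run(["show", "simple-gateway", "name", gw["name"]], cma)
            for profile, action in sorted(actions.items()) or [("", "")]:
                rows.append({"cma": cma, "gateway": gw["name"],
                             "ips_enabled": bool(detail.get("ips")),
                             "profile": profile, "log4j_action": action})
    return rows


if __name__ == "__main__":
    rows = inventory()
    writer = csv.DictWriter(sys.stdout, fieldnames=["cma", "gateway", "ips_enabled",
                                                    "profile", "log4j_action"])
    writer.writeheader()
    writer.writerows(rows)
```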