This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Douglas_Rich
Contributor
‎2021-12-14 10:21 AM

Inventory MDS for log4j configuration

Hey guys.  I'm looking to write a script to identify each firewall managed by and mds for the following information: 

CMA Name, Firewall Name, Is IPS in Detect Mode true/false, Assigned IPS Profile, Profile Setting for log4J

CMA Name, Firewall Name are easy, done, no issues

I found how to grab the log4j setting:

mgmt_cli -r true show threat-protection name "Apache Log4j Remote Code Execution (CVE-2021-44228)" --domain x.x.x.x show-profiles true

and If IPS is enabled or not:

mgmt_cli -r true show simple-gateway name "fw name" --domain x.x.x.x | grep ips
ips: true

The parts I need help with are finding;

1. for each GW object is IPS set to "Detect Only" or not

2. What is the assigned IPS profile for a specific GW. 

 

If anyone has any clues they can drops that would be fantastic. 

 

 

0 Kudos
1 Reply
PhoneBoy
Admin
Admin
‎2021-12-16 03:58 PM

I believe you need to use ips stat on the command line of the gateway to see precisely what profile is in use.
See: https://community.checkpoint.com/t5/Threat-Prevention/Command-IPS-for-showing-profile-used/m-p/13627...

I have a feeling the "detect only" setting is a setting that would only be findable with a generic object and it certainly wouldn't work in the VSX case.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events