This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Veeraselvam_man
Contributor
‎2023-07-05 08:04 AM
Jump to solution

Issue with Retrieving Object Details from Checkpoint Management Server API

Hello everyone,

I would like to bring to your attention a challenge we are facing with one of our clients' Checkpoint management server. The server contains of more than 20,000 Network and Service objects. To retrieve rule details categorized by layers, we are utilizing the "show-access-rulebase" API command. The output file from this command contains the object details configured within the rules.

Additionally, we are using the "show-unused-objects" API command to identify unused objects. This means that all objects used within the rules are present in the "show-access-rulebase" API response, while objects not configured within the rules are found in the "show-unused-objects" API response.

However, in the case of this particular client, the "show-unused-objects" API response contains only 114 object details. To overcome this issue, I attempted to use the "show-objects" command within the client's setup. Unfortunately, due to API constraints, the "show-objects" API response only get a maximum of 500 object details. Also, the response indicated a total count of 23,684 objects. So, I have added the "offset" and "limit" parameters in the "show-objects" API, executing multiple calls with different offset values ranging from 0 to 47.

But, all API calls only yielded around 2000+ unique object details, with the remaining values being duplicate entries. I had expected that specifying an offset value of 47 would return only 184 unique objects, but the API response still included 500 object details. (My assumption was that an offset of 0 and a limit of 500 would return object values 1 to 500, and likewise, an offset of 46 and a limit of 500 would return object values 23001 to 23500.)

The API documentation mentions an automatic sort order by Name in ascending order. Also, I have tried including the "order" parameter with the value of "name," but unfortunately, it did not yield the desired results.

Here are the details of the API request:

POST {{server}}/show-objects
Content-Type: application/json
X-chkp-sid: {{session}}
{
"limit" : 500,
"offset" : 47,
"order" : [ {
"ASC" : "name"
} ]
}

I kindly request your assistance in resolving this issue or suggesting an alternative approach to retrieve all object details.

Thank you for your attention.

Best regards,
M. Veeraselvam

0 Kudos
2 Solutions

Accepted Solutions
Bob_Zimmerman
Authority
Authority
‎2023-07-05 11:04 AM
In response to Veeraselvam_man
Jump to solution

The offset is how many individual objects to skip ahead. It defaults to 0, which skips 0 objects. Limit 500 offset 501 would give you objects 502 through 1001. The 'from' and 'to' in the call result will confirm this for you.

You should use limit 500 offset 500, limit 500 offset 1000, and so on.

View solution in original post

0 Kudos
Hugo_vd_Kooij
Advisor
‎2023-07-10 02:11 AM
In response to Veeraselvam_man
Jump to solution

I think that answer is given but not noted. There is a limit on the number of object returned. Throughout the API pages you will find :

limit integer
Default: 50
Description:
1-500
 The maximal number of returned results.

 

So it seems that question was answered implicitly.

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>

View solution in original post

9 Replies
PhoneBoy
Admin
Admin
‎2023-07-05 08:52 AM
Jump to solution

As constructed, your API call will return results from 47 to 547.
To get the results from 23000 to 23499, your offset needs to be 23000.

0 Kudos
Veeraselvam_man
Contributor
‎2023-07-05 10:11 AM
In response to PhoneBoy
Jump to solution

Thank you, @PhoneBoy 

If I understand correctly, the default offset value of 0 means that we can retrieve objects 1 to 500 in the first call. For the second call, I would need to set the offset value to 501 in order to retrieve objects 501 to 1000. Is my understanding correct?

Additionally, it seems that the order parameter is not required because the API automatically sorts the objects by Name in ascending order. Is that correct?

To get Objects 1 to 500:
POST {{server}}/show-objects
Content-Type: application/json
X-chkp-sid: {{session}}
{
"limit" : 500,
"offset" : 0
}

To get Objects 501 to 1000:
POST {{server}}/show-objects
Content-Type: application/json
X-chkp-sid: {{session}}
{
"limit" : 500,
"offset" : 501
}

To get Objects 23501 to 23618:
POST {{server}}/show-objects
Content-Type: application/json
X-chkp-sid: {{session}}
{
"limit" : 500,
"offset" : 23501
}

Are the above API calls correct, or did I miss anything wrong?

Best regards,
M. Veeraselvam

0 Kudos
Bob_Zimmerman
Authority
Authority
‎2023-07-05 11:04 AM
In response to Veeraselvam_man
Jump to solution

The offset is how many individual objects to skip ahead. It defaults to 0, which skips 0 objects. Limit 500 offset 501 would give you objects 502 through 1001. The 'from' and 'to' in the call result will confirm this for you.

You should use limit 500 offset 500, limit 500 offset 1000, and so on.

0 Kudos
Veeraselvam_man
Contributor
‎2023-07-10 01:51 AM
In response to Bob_Zimmerman
Jump to solution

Thank you @Bob_Zimmerman , Suggested changes are working fine.

Best regards,
M. Veeraselvam

 

 

0 Kudos
Veeraselvam_man
Contributor
‎2023-07-10 01:52 AM
In response to PhoneBoy
Jump to solution

Thank you @PhoneBoy 

Best regards,
M. Veeraselvam

0 Kudos
Veeraselvam_man
Contributor
‎2023-07-10 12:40 AM
Jump to solution

Does anyone know why the "show-unused-objects" API call is not returning the complete list of unused objects on GAIA OS 81.10? Are there any known issues in this version?

Best regards,
M. Veeraselvam

0 Kudos
Hugo_vd_Kooij
Advisor
‎2023-07-10 12:57 AM
In response to Veeraselvam_man
Jump to solution

Not sure what you are asking here. As it looks like you didn't read any of the above. So please be more clear in your question.

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
0 Kudos
Veeraselvam_man
Contributor
‎2023-07-10 01:54 AM
In response to Hugo_vd_Kooij
Jump to solution

Sorry for the confusion @Hugo_vd_Kooij . In this thread, I have two questions. First, why does the "show-unused-objects" API command output only contain 100+ unused objects when there are actually more than 15,000 unused objects available? Second, regarding the "show-objects" API offset, I received some comments and suggested changes that are working fine in our client environment. However, I haven't received an answer for the first question yet.

Best regards,
M. Veeraselvam

0 Kudos
Hugo_vd_Kooij
Advisor
‎2023-07-10 02:11 AM
In response to Veeraselvam_man
Jump to solution

I think that answer is given but not noted. There is a limit on the number of object returned. Throughout the API pages you will find :

limit integer
Default: 50
Description:
1-500
 The maximal number of returned results.

 

So it seems that question was answered implicitly.

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top