Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Adam_Forester
Ambassador
Ambassador

MDS - Global search across CMAs (by IP)

I was asked to post this publicly. This is something I wrote for one of my accounts to be able to search across all CMAs for an IP address. It's a really straight forward function. The script crawls your domains and creates a search function script that it executes which then searches each CMA for that IP and outputs it to a single file in JSON format.

Depending on feedback I could easily update this to make a CSV or other format. It also would be very easy to add an option to lookup by name to the script as well.

Since this is a search by IP it will also list objects like subnets, ranges, etc that the IP can be a part of as well as group membership.

 

Feedback always welcome!

 

https://github.com/WadesWeaponShed/Global-IP-Search-MDS

8 Replies
_Val_
Admin
Admin

Nicely done, @Adam_Forester !

0 Kudos
Martin_Valenta
Advisor

With r77.30 there was option to search for object accross all CMA's from MDS, shouldn't it be included too on R80.x on GUI (not just via API)?

 

Richie
Participant

Hi Adam ,

I want to know if  you are use this in python with json program or different programs 

0 Kudos
Tomer_Noy
Employee
Employee

Nicely done!

It's worth mentioning that this script is useful for R80.x versions. In R81 we added cross-domain search capabilities from the System domain. You can use that functionality from API or from the UI. 

You can find more details in the documentation: https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_Multi-DomainSecurityManagement_Adm... 

One of the main benefits of using the built-in feature in R81 is that it's much more efficient than iterating over the domains.

0 Kudos
JozkoMrkvicka
Authority
Authority

I didnt try it yet, but I have following questions/suggestions:

1. The result can be exported to CSV for better handling ?

2. Can I select which CMA(s) I would like to inspect from System domain? I mean, I dont want to search all CMAs, but only specific ones (one selected CMA, multiple selected CMAs) . Of course I can manually log into that one (or more) CMAs to search for something, but better way would be to have such an option from System domain to select CMA(s).

thank you.

Kind regards,
Jozko Mrkvicka
0 Kudos
jo-xxx
Explorer

Hey Tomer, how do I use the cross-domain search with the mgmt_cli API? Which domain do I need to login to?

0 Kudos
Tomer_Noy
Employee
Employee

You should run it from the System Domain.

See this from the documentation:
https://sc1.checkpoint.com/documents/latest/APIs/#cli/show-objects~v1.9%20

CrossDomainSearch.png

(1)
jo-xxx
Explorer

Thanks, I logged in with -d "System Data" and finally managed to get results with my where-used command:

mgmt_cli where-used name "ABC" domains-to-process.1 "ALL_DOMAINS_ON_THIS_SERVER" ignore-warnings true

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events