This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
MedM
Explorer
‎2021-11-17 04:01 AM

MGMT_API delete all objects with TAGs "TEST"

Dear All,

 

I created almost 20k objects (hosts, networks,domains,...) with tags "TEST"

I would like to delete them easly.

Is there any commands line to use for deleting all objects relating to tags "TEST" ?

 

Thanks in advance for your help.

Kind Regards,

Medm

 

 

0 Kudos
6 Replies
Tal_Paz-Fridman
MVP Silver CHKP MVP Silver CHKP
MVP Silver CHKP
‎2021-11-17 07:52 AM

Just use the following command and the Tag should be completely deleted from all objects:

mgmt_cli delete tag

 

https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/delete-tag~v1.8%20

 

You can use Tag name or UID

0 Kudos
MedM
Explorer
‎2021-11-17 08:20 AM
In response to Tal_Paz-Fridman

Dear Tal_Paz-Fridman
 
Thank you for your reply.
 
The goal is to delete all the created 20k objects with TAG "TEST".
In fact, I am working with SmartMove scripts and would like to run the scripts again after analysing and resolving errors found on failed_objects.txt file.
From CMA, I selected all objects with TAG TEST but when I tried to delete them but I get disconnected after almost 2 minutes.
 
The proposed command "mgmt_cli delete tag" will delete all objects with Tag "TEST" or only the TAG "TEST" from objects ?
 
Thanks again for you help.
 
Kind Regards,
Medm
0 Kudos
PhoneBoy
Admin
Admin
‎2021-11-17 01:58 PM
In response to MedM

I think that will only remove the tag.
To remove all objects with said tag, you’ll probably have to write a script to iterate over all the objects that have said tag and remove said object.

0 Kudos
MedM
Explorer
‎2021-11-22 06:20 AM
In response to PhoneBoy

Hello,

I refered to your old similar solution found on the link below:

 https://community.checkpoint.com/t5/API-CLI-Discussion/mgmt-cli-to-delete-all-objects-matching-a-pat...

I tried using this command below but I get the error

mgmt_cli -s id.txt delete objects-batch $(mgmt_cli -s id.txt -f json show objects filter "TEST" limit 500 | jq '.objects[].name' | cat -n | sed -r 's/^\s+([0-9]+)/objects.1.list.\1.name/' | tr '\n' ' ')


code: "generic_err_command_not_found"
message: "Requested API command: [delete-objects-batch] not found"

I am working with API v1.1 (api-server-version: "1.1")

Any help please ?

 

Thanks

MedM

0 Kudos
PhoneBoy
Admin
Admin
‎2021-11-22 08:33 AM
In response to MedM

That API endpoint is not available in R80.10 (API version 1.1).
You will need to upgrade your management server to a version that supports it (R80.40, API v1.6). 
https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/delete-objects-batch~v1.6%20

0 Kudos
Bob_Zimmerman
MVP Gold
MVP Gold
‎2021-11-22 09:29 AM
In response to MedM

One concern with this method is it could catch objects with "TEST" in the name.

I don't know of a way to go from a tag to the objects tagged with it. "where-used" doesn't work for tags:

[Expert@DallasSA]# mgmt_cli -f json -r true show host name staxBerlinDevWebVip | jq '{uid:.uid,name:.name,tags:[.tags[]|{uid:.uid,name:.name}]}'
{
  "uid": "70b131cb-e099-4b81-9345-53e5f4752b98",
  "name": "staxBerlinDevWebVip",
  "tags": [
    {
      "uid": "962a5a68-29a9-4407-921a-b774890b0a39",
      "name": "Development"
    },
    {
      "uid": "0a4b231c-bfad-4b37-8b50-b21a0c0f3f4a",
      "name": "Berlin"
    },
    {
      "uid": "63599767-883e-47aa-a04c-fc7d30b16a84",
      "name": "Stax"
    }
  ]
}
[Expert@DallasSA]# mgmt_cli -f json -r true where-used uid 962a5a68-29a9-4407-921a-b774890b0a39
{
  "code" : "generic_err_object_not_found",
  "message" : "Requested object [962a5a68-29a9-4407-921a-b774890b0a39] not found"
}

I think the only guaranteed option is to enumerate all of your objects, find the ones with the tag you care about, then send them to mgmt_cli delete-<type>. Something like this:

TagName="Development"

mgmt_cli -r true login > session.txt
echo "" > toRemove.txt
ObjectCount=$(mgmt_cli -f json -s session.txt show objects limit 1 details-level uid | jq '.total')
for GetOffset in $(seq 1 500 "${ObjectCount}"); do
mgmt_cli -f json -s session.txt show hosts limit 500 offset "${GetOffset}" details-level full | jq -c '.objects[]|{uid:.uid,type:.type,tag:.tags[]|.name}' | grep "\"tag\":\"${TagName}\"" >> toRemove.txt
done

PublishEvery=100
ChangeCount=1
function deleteObject {
mgmt_cli -s session.txt delete-"$1" uid "$2"
((ChangeCount+=1))
if [ ${ChangeCount} -gt ${PublishEvery} ]; then
mgmt_cli -s session.txt publish
ChangeCount=1
fi
}

while read ObjectToRemove; do
deleteObject "$(echo $ObjectToRemove | cut -d '"' -f 8)" "$(echo $ObjectToRemove | cut -d '"' -f 4)"
done < toRemove.txt

mgmt_cli -s session.txt publish
mgmt_cli -s session.txt logout
rm toRemove.txt
rm session.txt

Note that I have not tested this! It should work, though. If you only run the top section (everything before "PublishEvery=100"), it will spit out a file with the objects it would remove. That would let you preview what the bottom section would do.

Make and test a backup before running code you get like this from somebody you don't know.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events