This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
AaronCP
Advisor
‎2023-06-06 11:48 PM

Policy/Object Automation Approach

Morning all,

I am looking at various ways of automating policy changes using the Management API. We currently receive scoping requests via an excel spreadsheet, which details what objects are to be created/rules added, etc.

I've modified the excel file so that it will generate the mgmt_cli output, which saves time, but isn't full automation.

I'd like to utilise tools like PowerAutomate, Postman, etc. I'm interested in hearing how the community approach their policy automation.

Any ideas/suggestions welcomed 🙂.

 

Thanks.

0 Kudos
3 Replies
PhoneBoy
Admin
Admin
‎2023-06-07 08:33 AM

You can feed a CSV file to mgmt_cli, but it has to be formatted correctly.
But, like you said, that's not full automation.

We do provide Postman collections for the various versions of the Management API: https://community.checkpoint.com/t5/API-CLI-Discussion/Postman-Collections-links-to-all-available-an... 

I'm also curious about how companies are approaching this topic as well as anything we (Check Point) can do to better support these efforts.

0 Kudos
the_rock
Legend
Legend
‎2023-06-07 08:55 AM

Great question mate! Let us know what you find, as I also had client ask me this question before.

Cheers,

Andy

0 Kudos
Bob_Zimmerman
Authority
Authority
‎2023-07-05 01:05 PM

What you're talking about is called "glue code". It hooks up a ticket system to a firewall management server, for example. This code tends to be very environment-specific, because there aren't a lot of companies using the same set of tools. For example, my current company has gone through at least five ticket tracking systems in the last ten years. The code also tends to be fairly proprietary, and not very high-quality. Not sure you'll find any which already exists to hook into your existing workflow, and if you did, I'm not sure I would trust it.

A few companies like Tufin and HashiCorp make a sort of "API broker" tools which talk to many tools on the back-end. They then present a subset of those tools' capabilities via a consistent API, thereby reducing the amount of glue code you have to write to deal with multiple back-end platforms. I don't know of anything similar which talks to many ticket systems and gives you one reactive programming platform to deal with events in any of them.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events