- Products
- Learn
- Local User Groups
- Partners
-
More
Celebrate the New Year
With CheckMates!
Value of Security
Vendor Self-Awareness
Join Us for CPX 360
23-24 February 2021
Important certificate update to CloudGuard Controller, CME,
and Azure HA Security Gateways
How to Remediate Endpoint & VPN
Issues (in versions E81.10 or earlier)
Mobile Security
Buyer's Guide Out Now
Important! R80 and R80.10
End Of Support around the corner (May 2021)
Currently I am using below configuration files to generate “Security Audit Report” using nipper tool:
is there any way to automate this using API?
note: nipper is a third party tool for generate security audit reports for firewalls.
Regards
Veera
The information in these files is rules and objects, which of course could be obtained from the API.
You'd have to have something that calls the API in the right way and parse the resulting data.
Whether nipper is capable of doing that, I have no idea.
Please suggest the API details to export those files, using that i will try to generate security audit report using the nipper tool.
There are too many API calls to list.
I recommend reviewing the API documentation to ensure you are getting the data you are most interested in: Check Point - Management API reference
Either that or use the output of something like: Python tool for exporting/importing a policy package or parts of it
Thank you Dameon Welch-Abernathy, I exported nipper dependency files using "run-script" and "show-task" API calls.
As you can read on the Nipper Studio site "If you have any questions or need support when auditing any devices with our tool please get in touch: enquiries@titania.com". So you'd need to ask them. Personally I don't think they support recent Check Point version versions, such as R80.x Even in the past they just did very basic rulebase checking. For a real security audit report I recommend hiring Check Point professional services or a strong Check Point specialist.
On our community you could start by looking into these threads:
Check Point configuration mistakes - Top 10
https://community.checkpoint.com/message/8352-check-point-support-resources-top-10
Veeraselvam, could you give more detail on how exactly you exported Nipper required files with "run script" and "show tasks" API commands ? This could be useful for auditing with Nipper since officially they do not support R80.x. anymore. Thanks.
Checkpoint provided option to execute Linux commands using "run script" API option, that API call will return a task id, using "show task" API call with task id, we can get the executed command output.
Using above commands i downloaded the required files.
Regards
Veera
Keep in mind those files are not considered the authoritative source of data in R80 and above.
There is also no guarantee those files will continue to exist in future versions.
Nipper should query our API directly to get the authoritative data.
If you just want to report on objects and data, see: https://community.checkpoint.com/docs/DOC-1974
About CheckMates
Learn Check Point
Advanced Learning
WELCOME TO THE FUTURE OF CYBER SECURITY