cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

Security Audit Report Using Nipper tool

Currently I am using below configuration files to generate “Security Audit Report” using nipper tool:

  • objects.C
  • objects.C_41
  • objects_5_0.C
  • rules.C
  • rulebases.fws
  • rulebases_5_0.fws

is there any way to automate this using  API?

note: nipper is a third party tool for generate security audit reports for firewalls.

Regards

Veera

8 Replies
Admin
Admin

Re: Security Audit Report Using Nipper tool

The information in these files is rules and objects, which of course could be obtained from the API.

You'd have to have something that calls the API in the right way and parse the resulting data.

Whether nipper is capable of doing that, I have no idea. 

Re: Security Audit Report Using Nipper tool

Please suggest the API details to export those files, using that i will try to generate security audit report using the nipper tool.

0 Kudos
Admin
Admin

Re: Security Audit Report Using Nipper tool

There are too many API calls to list.

I recommend reviewing the API documentation to ensure you are getting the data you are most interested in: Check Point - Management API reference 

Either that or use the output of something like: Python tool for exporting/importing a policy package or parts of it

0 Kudos

Re: Security Audit Report Using Nipper tool

Thank you Dameon Welch-Abernathy‌, I exported nipper dependency files using "run-script" and "show-task" API calls.

0 Kudos
Danny
Jade

Re: Security Audit Report Using Nipper tool

As you can read on the Nipper Studio site "If you have any questions or need support when auditing any devices with our tool please get in touch: enquiries@titania.com". So you'd need to ask them. Personally I don't think they support recent Check Point version versions, such as R80.x Even in the past they just did very basic rulebase checking. For a real security audit report I recommend hiring Check Point professional services or a strong Check Point specialist.

On our community you could start by looking into these threads:

Check Point configuration mistakes - Top 10

Re: Security Audit Report Using Nipper tool

Veeraselvam,  could you give more detail on how  exactly you exported Nipper required files with "run script" and "show tasks"   API  commands ?   This could be useful for auditing with Nipper since officially they do not support R80.x. anymore.  Thanks. 

0 Kudos

Re: Security Audit Report Using Nipper tool

Checkpoint provided option to execute Linux commands using "run script" API option, that API call will return a task id, using "show task" API call with task id, we can get the executed command output.

Using above commands i downloaded the required files.

Regards

Veera

0 Kudos
Admin
Admin

Re: Security Audit Report Using Nipper tool

Keep in mind those files are not considered the authoritative source of data in R80 and above.

There is also no guarantee those files will continue to exist in future versions.

Nipper should query our API directly to get the authoritative data.

If you just want to report on objects and data, see: