This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
danog
Participant
‎2021-01-18 08:43 AM
Jump to solution

R80.30 API Access for Threat Prevention Stats

Hi. Each month I give my manager a report that includes a screenshot of the Threat Prevention statistics from the MGMT server (number of high risk attacks, prevented attacks, etc). Now the aim is to see if this data can be collected automatically via an API.

I see on the Threat Prevention API Guide that it mentions API web service. I'm working with my data engineering colleagues on this but I'm not sure where to start. Firstly, is this particular information accessible via API? Would I have to give external access to the MGMT server as we'd be collecting data from an external location? 

The API guide seems to relate to something else that we're not looking to implement. Any advice would be appreciated!

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2021-01-18 09:17 AM
Jump to solution

The Threat Prevention API is mostly about submitting files to be emulated to find out if it’s malicious or not.
Reporting (statistics, etc) is all on the management server.
Those statistics are correlated from the logs and the like and are available as SmartEvent reports but not currently consumable via API.
You can consume logs via API in the most recent versions and potentially generate your own statistics or export your logs via syslog to a SIEM and have that generate the relevant statistics.

View solution in original post

2 Replies
PhoneBoy
Admin
Admin
‎2021-01-18 09:17 AM
Jump to solution

The Threat Prevention API is mostly about submitting files to be emulated to find out if it’s malicious or not.
Reporting (statistics, etc) is all on the management server.
Those statistics are correlated from the logs and the like and are available as SmartEvent reports but not currently consumable via API.
You can consume logs via API in the most recent versions and potentially generate your own statistics or export your logs via syslog to a SIEM and have that generate the relevant statistics.

danog
Participant
‎2021-01-18 09:22 AM
In response to PhoneBoy
Jump to solution

Hi PhoneBoy. Thanks very much for clarifying!

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events