This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Aleksandr_Nosit
Employee
Employee
‎2016-08-29 04:04 AM
Jump to solution

Alert on rule time expire

Hi gurus,

do we have any option to alert admins via e-mail about time limited rules about to expire?

Br,

Aleksandr

1 Solution

Accepted Solutions
Tomer_Sole
Mentor
Mentor
‎2016-08-29 10:43 PM
Jump to solution

Hi,

SmartConsole does not have such feature at the moment. For R80, setting up the customized email template to the specific users, with the specific pre-expiration threshold, could be achieved by using API commands such as "show-access-rulebase", or alternatively "show-times" and then "where-used" per expired time object.

View solution in original post

0 Kudos
12 Replies
Tomer_Sole
Mentor
Mentor
‎2016-08-29 10:43 PM
Jump to solution

Hi,

SmartConsole does not have such feature at the moment. For R80, setting up the customized email template to the specific users, with the specific pre-expiration threshold, could be achieved by using API commands such as "show-access-rulebase", or alternatively "show-times" and then "where-used" per expired time object.

0 Kudos
Aleksandr_Nosit
Employee
Employee
‎2016-08-29 11:20 PM
In response to Tomer_Sole
Jump to solution

Hi Tomer,

Do we have this feature in roadmap for near future? This is the  feature people a asking about and missing a lot .

/Alec

0 Kudos
Tomer_Sole
Mentor
Mentor
‎2016-08-30 06:08 AM
In response to Aleksandr_Nosit
Jump to solution

We have this in our roadmap plan.

thanks,

Tomer.

0 Kudos
Ekta_Siwani1
Contributor
‎2017-09-21 04:18 AM
In response to Tomer_Sole
Jump to solution

Hi Tomer Sole,

How to find expired rules using "show-access-rulebase" API.

I am not able to find any field which provides me this information. 

Looks like I am missing something.

0 Kudos
Tomer_Sole
Mentor
Mentor
‎2017-09-24 06:19 AM
In response to Ekta_Siwani1
Jump to solution

Hi, just like SmartConsole, this option is not available with the R80.10 API either. This is because the logics happen on the Management Server. Both SmartConsole and the MGMT API are simply clients that utilize the logics that happen on the Management Server.

In our next releases, this gap will be closed, and then both clients (SmartConsole & API) will have this capability. 

As a workaround, you will have to iterate per rule and check whether it has a time object, and the time object's data.

0 Kudos
Felix_Hoffmann1
Participant
‎2018-04-25 05:24 AM
Jump to solution

Hi, I created a small python script that is using the web services API. maybe you can use it.

#!/usr/bin/python
import requests, json, urllib3, os, smtplib, re
from datetime import datetime
from email.parser import Parser
from pprint import pprint
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

mgmtserv = 'ip of your mgmt server'
mgmtport = '443'
mgmtuser = 'yourapiuser'
mtmtpass = 'apiuserpassword'
mailpath = '/root/maildir/'
smtpserver = 'yourmailserver'

def api_call(command, json_payload, sid):
    url = 'https://' + mgmtserv + ':' + mgmtport + '/web_api/' + command
    if sid == '':
        request_headers = {'Content-Type' : 'application/json'}
    else:
        request_headers = {'Content-Type' : 'application/json', 'X-chkp-sid' : sid}
    r = requests.post(url,data=json.dumps(json_payload), headers=request_headers, verify=False)
    return r.json()


def login(user,password):
    payload = {'user':user, 'password':password}
    response = api_call('login', payload, '')
    return response["sid"]


def createmails(userarr,content,delta):
    for mail in userarr:
        mailfile = mailpath + mail.lower()
        if not os.path.isfile(mailfile):
            filehandler = open(mailfile,"w+")
            if re.search(r'@',mail.lower()):
                filehandler.write("To:" + mail.lower() + "\n")
            else:
                filehandler.write("To:" + mail.lower() + "@<yourdomainname here>\n")
            filehandler.write("From: \n")
            filehandler.write("Cc: \n")
            filehandler.write("Subject: rule expiration\n")
            filehandler.write("Content-Type: text/html; charset=UTF-8\n\n")
            filehandler.write("<html><body>\n")
            filehandler.write("<p><span style=\"font-family:sans-serif\"; font-size:\"0.5em\">\n")
            filehandler.write("Hi,<br>The following rules are about to expire.<br><br>")
            filehandler.write("<table border='1'>\n<tr>\n<th>source</th>\n<th>destination</th>\n<th>service</th>\n<th>days left</th>\n<th>contacts</th>\n<th>ticket number</th>\n<th>additional rule information</th>\n</tr>\n")
            filehandler.close()
        appendcontenttomail(mailfile,content,delta)

def appendcontenttomail(mailfile,content,delta):
    filehandler = open(mailfile,"a")
    daysleft = delta.days
    print daysleft
    filehandler.write("<tr><td>")
    for item in content['source']:
        filehandler.write(item['name'] + "<br>")
    filehandler.write("</td><td>")
    for item in content['destination']:
        filehandler.write(item['name'] + "<br>")
    filehandler.write("</td><td>")
    for item in content['service']:
        filehandler.write(item['name'] + "<br>")
    filehandler.write("</td><td>")
    filehandler.write(str(daysleft))
    filehandler.write("</td><td>")
    filehandler.write(content['custom-fields']['field-3'])
    filehandler.write("</td><td>")
    filehandler.write(content['custom-fields']['field-2'])
    filehandler.write("</td><td>")
    filehandler.write(content['custom-fields']['field-1'])
    filehandler.write("</td>\n")
    filehandler.close()

sid = login(mgmtuser,mtmtpass)

result = api_call('show-times', {}, sid)

for i in result['objects']:
    timedetail = api_call('show-time', {'uid':i['uid']}, sid)
    if not timedetail['end-never']:
        date1 = datetime.strptime(timedetail['end']['date'], "%d-%b-%Y")
        date2 = datetime.now()
        delta = date1 - date2

        if (int(delta.days) == 45) or (int(delta.days) == 21) or (int(delta.days) == 3):
            rules = api_call('where-used', {'uid':i['uid']}, sid)
            for rulenr in rules['used-directly']['access-control-rules']:
                accessrule = api_call('show-access-rule', {'layer':rulenr['layer']['uid'],'uid':rulenr['rule']['uid']}, sid)
                if accessrule['custom-fields']['field-3'] != '':
                    users = accessrule['custom-fields']['field-3'].split("/")
                    createmails(users,accessrule,delta)

                    
for file in os.listdir(mailpath):
    mailfile = mailpath + file
    filehandler = open(mailfile,"a")
    filehandler.write("</table>\n</span>\n</p>\n</body>\n</html>\n")
    filehandler.close

    headers = Parser().parse(open(mailfile, 'r'))
    fromaddr = headers['From']

    toaddr = headers['To']
    ccaddr = headers['Cc']
    toaddrs = [toaddr] + [ccaddr]
    server = smtplib.SMTP(smtpserver)
    server.sendmail(fromaddr, toaddrs, headers.as_string())
    server.quit()


logout_result = api_call('logout', {}, sid)

you need to change the from, CC and <yourdomainname here> to your needs.

minhhaivietnam
Collaborator
‎2022-01-13 09:54 PM
In response to Felix_Hoffmann1
Jump to solution

Hello Felix,

Thank much for this script. I run this,  it works fine for rule number from 0 to 500.

run ok.png

When I change limit rule to 501 and above, it get error like this

run faild.png

 

Could you pls help me why ? Tks you in advance.

 

0 Kudos
abihsot__
Advisor
‎2022-01-18 01:32 AM
In response to minhhaivietnam
Jump to solution

it is crappy design, but you have to use offset 500 and  limit 500 together to iterate through bigger lists.

0 Kudos
quabank
Explorer
‎2022-05-26 07:41 PM
In response to Felix_Hoffmann1
Jump to solution

Hi Felix, 

Your script run so nice. But i have an issuez: Now i want to sent the rule expired or alert to each requester(who own this rule) instead of sent lots of rules.

Could you have any suggestions.

Thanks

0 Kudos
(1)
Ihenock1011
Advisor
‎2024-04-24 02:27 AM
In response to quabank
Jump to solution

hi @Aleksandr_Nosit @Felix_Hoffmann1 @minhhaivietnam @abihsot__ @quabank 

Can Check Point Smart Console R81 and later versions send email alerts for expired rules and user accounts? checking if the feature is enabled

0 Kudos
PhoneBoy
Admin
Admin
‎2024-04-24 09:08 AM
In response to Ihenock1011
Jump to solution

You can create scripts that monitor API output for these items.
However, we do not issue alerts for these items.

JozkoMrkvicka
Authority
Authority
‎2024-04-24 02:23 PM
In response to Ihenock1011
Jump to solution

For expired rules:

you can view a list of these expired rules in $FWDIR/log/expired_rules_per_layer.txt. (In case of VSX - go to the relevant VS)

Kind regards,
Jozko Mrkvicka

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events