- Products
- Learn
- Local User Groups
- Partners
- More
Check Point Jump-Start Online Training
Now Available on CheckMates for Beginners!
Why do Hackers Love IoT Devices so Much?
Join our TechTalk on Aug 17, at 5PM CET | 11AM EST
Welcome to Maestro Masters!
Talk to Masters, Engage with Masters, Be a Maestro Master!
ZTNA Buyer’s Guide
Zero Trust essentials for your most valuable assets
The SMB Cyber Master
Boost your knowledge on Quantum Spark SMB gateways!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
CheckFlix!
All Videos In One Space
In R80.40 we introduced SmartTasks, a powerful feature that further expands the openness and extensibility approach.
SmartTasks saves admins valuable time by automating routine tasks with pre-defined or customizable actions. A SmartTask is a combination of trigger and action.
Triggers are events – currently defined in terms of existing management operations, such as install policy or publish
Actions are automatic responses that take place after a trigger is fired, such as running a script, posting a web request.
Below you can find some of the SmartTasks we created. To start using them, just import the SmartTask into your R80.40 Security Management Server.
You're very welcome to check out the scripts, modify and create your own SmartTasks.
SmartTask - Validate Session Name Format
SmartTask - Custom Permissions
SmartTask - Restrict use of specific objects in Access Control Policy
Dear Team ,
can we do schedule for policy installation ?
Hi there,
I have a question, having smart task to check if IDA Access role objects have been modified/created.. If yes, policy to dedicated PDP gateways is pushed. Smart task trigger is after publish with bash script below.
#!/bin/bash
@ihr@actinet.cz
trigger_json=`echo $1 | base64 --decode -i`
session_objcets=`echo $trigger_json | jq '.operations | (."added-objects"[] | {"name":.name , "type":.type}) , (."deleted-objects"[] | {"name":.name, "type":.type}), (."modified-objects"[] | {"name":."new-object".name, "type":."new-object".type})' | jq -s .`
session_objects_details=`echo $session_objcets | jq '.[] | {"name":.name, "type":.type, "valid_type": ( [.type]-["access-role"]| length == 0)}' | jq -s .`
number_of_objects_changed=`echo $session_objects_details | jq '.[] | select(."valid_type" == true)' | jq -s '. | length'`
list_of_objects_changed=`echo $session_objects_details | jq '.[] | select(."valid_type" == true)' | jq -s -c '[.[] | .name]' | tr -d [ | tr -d ]`
if [ $number_of_objects_changed -gt 0 ]; then
mgmt_cli -r true install-policy policy-package "AXXXX" access true threat-prevention false targets.1 "XXX" targets.2 "YYY" --format json > /dev/null 2>&1
m1="IDA objects changed, PDP policy was installed on IAP gateways"
m2="The following objects were modified : $list_of_objects_changed"
m2=${m2//\"/\\\"}
printf '{"result":"success","message":"%s %s"}\n' "$m1" "$m2"
exit 0
else
m1="No IDA objects changed, I wont install PDP policy"
printf '{"result":"success","message":"%s"}\n' "$m1"
exit 0
fi
This works fine if you do just few changes in GUI..
There is an issue when there are many changes like updating cluster objects with 250 interfaces - get interfaces with topology, basically huge publish changes via GUI.. smart task will crash after 300 sec (max running time) with no output.
I tested also something like this, just to get all data before sorting, same it did not produced any output at all:
#!/bin/bash
trigger_json=`echo $1 | base64 --decode -i`
printf "trigger_json"
So my question is, did someone tested to run smart task (after publish trigger) when there are more changes published, specially if you modify cluster object as I described? Or is there other way how to get operations data after publish?
thx!
ivo
Hi Ivo, thanks for reporting. We're looking into this issue now in order to offer a solution.
thx
In this video https://www.youtube.com/watch?v=steOVo6T2iY
You guys show an example of smarttask which involves sending an e-mail with all the changes from a published session. How can I do that? Said e-mail has a nice design on it already.
@Tomer_Sole I realize this isn't your area anymore, but it was when this came out.
Can you find the right resource to publish this particular SmartTasks?
Also @Dima_M
Hi,
We're working on adding " send email" action to SmartTasks, currently you can use "run script" action to send an email with sendmail daemon.
/opt/CPsuite-Rxx.xx/fw1/bin/sendmail -t IP_of_MailServer -s "Subject" -f from@example.com to@example.com
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY