Tomer_Noy
Employee

Automating Check Point R81 Security Management from iOS using Siri, REST APIs & Smart-1 Cloud

Hi,

In the recent CPX, I had a session about the Infinity Portal and the value it brings to the wider Infinity Architecture and to R81 Management. The session included a demo about automating R81 Management, leveraging Smart-1 Cloud, REST APIs and Siri. All of it was done using an iPad, and can easily be done with an iPhone as well.

Aside from a cool demo, it's a very good tutorial on how to get started with Management REST APIs and / or Smart-1 Cloud.

Following many requests, I'd like to share a direct link to the video and all the code snippets that I used to actually automate the Management from iOS. You can easily replicate the demo yourself without any existing infrastructure or previously purchased products.

Here's the 16 minute demo video: https://youtu.be/Ol_IYgWNk8w

Here is a snippet for using Scriptable to add & publish rules to your Access policy:

// Login

// Server definition (replace with your link)
let apiTarget = 'https://cpx-2021-ulv5sbt3.maas.checkpoint.com/af85b17f-5647-45f9-9ba0-2ec88e980926/web_api/';

// Create request
let apiRequest = new Request(apiTarget + 'login');
apiRequest.method = "POST";

// Set headers (no session ID yet; login authenticates with the API key in the body)
apiRequest.headers = { "Content-Type" : "application/json" }

// Set body (replace with your api key)
let body = {
	"api-key" : "wOlpFwXvxjUULW6psaSbqA==",
	"continue-last-session" : "true"
}
apiRequest.body = JSON.stringify(body);

let jsonResponse = await apiRequest.loadJSON();

console.log(jsonResponse);

// Extract session ID
let sid = jsonResponse["sid"]


// Add rule

// Create add rule request
apiRequest = new Request(apiTarget + 'add-access-rule');
apiRequest.method = "POST";

// Set headers
apiRequest.headers = { "Content-Type": "application/json" , "X-chkp-sid" : sid }

// Set body
body = {
  "layer" : "Network",
  "position" : "top",
  "name" : "My Top Rule - from iPad",
  "action": "Accept",
  "source": "Any",
  "destination": "Internet"
}

apiRequest.body = JSON.stringify(body);

jsonResponse = await apiRequest.loadJSON();

console.log(jsonResponse);

Speech.speak("Rule was added");


// Publish

// Create publish request
apiRequest = new Request(apiTarget + 'publish');
apiRequest.method = "POST";

// Set headers
apiRequest.headers = { "Content-Type": "application/json" , "X-chkp-sid" : sid }

// Set body
body = { }
apiRequest.body = JSON.stringify(body);

jsonResponse = await apiRequest.loadJSON();

console.log(jsonResponse);

Speech.speak("Session was published");

Here is a snippet for reading out loud the latest log with a severity of Medium or above:

// Server definition
let apiTarget = 'https://cpx-2021-ulv5sbt3.maas.checkpoint.com/af85b17f-5647-45f9-9ba0-2ec88e980926/web_api/';

// Create request
let apiRequest = new Request(apiTarget + 'login');
apiRequest.method = "POST";

// Set headers (no session ID yet; login authenticates with the API key in the body)
apiRequest.headers = { "Content-Type" : "application/json" }

// Set body
let body = {
	"api-key" : "wOlpFwXvxjUULW6psaSbqA==",
	"read-only" : "true",
	"session-timeout" : "60"
}
apiRequest.body = JSON.stringify(body);

let jsonResponse = await apiRequest.loadJSON();

console.log(jsonResponse);

// Extract session ID
let sid = jsonResponse["sid"]


// Create show-logs request
apiRequest = new Request(apiTarget + 'show-logs');
apiRequest.method = "POST";

// Set headers
apiRequest.headers = { "Content-Type": "application/json" , "X-chkp-sid" : sid }

// Set body
body = {
    "new-query" : {
        "max-logs-per-request" : "1",
        "time-frame" : "last-7-days",
        "filter": "severity:Critical OR severity:High OR severity:Medium"
    }
}

apiRequest.body = JSON.stringify(body);

jsonResponse = await apiRequest.loadJSON();

console.log(jsonResponse);

Speech.speak("The log says:" + jsonResponse.logs[0].calc_desc);


Script.complete();

All the API keys and signed URLs are of a demo environment that is no longer active, so no worries about leaking them 😀

 

If you have any feedback or personal experience, please share them on the post. Also, if you created your own cool snippets or have ideas of other things that can be achieved using a similar flow, I'm sure the community will appreciate them.

Thanks and enjoy!
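
The add-and-publish snippet in the post continues to `publish` whatever `login` and `add-access-rule` returned, and it never closes the session. The following is an added example, not the poster's code: the same login, add rule, publish flow with each reply checked, a `discard` on failure and a `logout` at the end. The `post` transport parameter, the helper names and the Keychain entry name `cp-api-key` are assumptions made for this example; treating a reply that carries a `code` field as an error follows the Management API's error format.

```javascript
// Added example, not from the original post. `post(command, body, sid)` is an
// assumed transport that sends one web_api command and resolves to parsed JSON.

// Management API error replies carry "code" and "message" fields.
function check(command, reply) {
  if (!reply || reply.code) {
    throw new Error(command + " failed: " + (reply ? reply.message : "no reply"));
  }
  return reply;
}

// Login, add one rule, publish; discard on failure; always log out.
async function addRuleSafely(post, apiKey, rule) {
  const login = check("login", await post("login", { "api-key": apiKey }));
  if (!login.sid) throw new Error("login returned no sid");
  const sid = login.sid;
  try {
    const added = check("add-access-rule", await post("add-access-rule", rule, sid));
    check("publish", await post("publish", {}, sid));
    return { published: true, uid: added.uid };
  } catch (err) {
    // Do not leave a half-made change locked in an open session.
    await post("discard", {}, sid);
    return { published: false, error: err.message };
  } finally {
    await post("logout", {}, sid);
  }
}

// Scriptable transport (assumption: apiTarget is your own web_api URL).
function scriptableTransport(apiTarget) {
  return async (command, body, sid) => {
    const req = new Request(apiTarget + command);
    req.method = "POST";
    req.headers = { "Content-Type": "application/json" };
    if (sid) req.headers["X-chkp-sid"] = sid;
    req.body = JSON.stringify(body);
    return req.loadJSON();
  };
}
// In Scriptable: read the key with Keychain.get("cp-api-key") (an entry name
// chosen for this example) instead of pasting it into the script source.
```

In Scriptable the call would be `await addRuleSafely(scriptableTransport(apiTarget), Keychain.get("cp-api-key"), body)`, with `apiTarget` and `body` as in the post.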

1 Reply
Eran_Habad
Employee

 

So cool @Tomer_Noy !!!!🤙

We have more great stuff coming in this area, everyone - stay tuned 😉
