This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have one, create one now for free!
Cagri
Explorer
‎2020-11-02 01:14 AM

I can't add csv file to mgmt-cli tool

I have a CSV file with MD5 hashes. I want to upload this CSV file with the help of the mgmt_cli tool.

this is cli wrote;

mgmt_cli add-threat-indicator name my_indicator_1 observa bles-raw-data /home/admin/md5.csv

this is error message;

[Expert@xc-cp-mgmt:0]# mgmt_cli add-threat-indicator name my_indicator_1 observa bles-raw-data /home/admin/md5.csv
Username: admin
Password:


---------------------------------------------
Time: [12:08:12] 2/11/2020
---------------------------------------------
"Add Indicator" in progress (20%)


---------------------------------------------
Time: [12:08:22] 2/11/2020
---------------------------------------------
"Add Indicator" failed (100%)
tasks:
- uid: "3b5e0b45-d63d-4dc0-a7aa-b03b7710984e"
type: "task"
domain:
uid: "41e821a0-3720-11e3-aa6e-0800200c9fde"
name: "SMC User"
domain-type: "domain"
task-id: "5409932c-d0ff-4c3a-bdff-d96573eba98b"
task-name: "Add Indicator"
status: "failed"
progress-percentage: 100
start-time:
posix: 1604308091084
iso-8601: "2020-11-02T12:08+0300"
last-update-time:
posix: 1604308091084
iso-8601: "2020-11-02T12:08+0300"
suppressed: false
task-details:
- request-status: "failed"
request-status-description: "status element returned error: - Indicator in r ow 1 has less fields than expected\n"
comments: "status element returned error: - Indicator in row 1 has less fields than expected\n"
color: "black"
icon: "General/globalsNa"
tags: []
meta-info:
lock: "unlocked"
validation-state: "ok"
last-modify-time:
posix: 1604308092333
iso-8601: "2020-11-02T12:08+0300"
last-modifier: "admin"
creation-time:
posix: 1604308091092
iso-8601: "2020-11-02T12:08+0300"
creator: "admin"
read-only: false

Executed command failed. Changes are discarded.

 

 

this is CSV file;

[Expert@xc-cp-mgmt:0]# cat MD5.csv
Name,Value,Type,Confidence,Severity,Product,Comments
deneme1,166ED84E38FA294D489D791B211685AB,MD5,medium,low,AB,deneme
deneme2,293DE194F503BC734A801FA49D948B32,MD5,medium,low,AB,deneme
deneme3,17DB2B5A95D6DBB6CDDBA2342F8474D1,MD5,medium,low,AB,deneme
deneme4,EF9A98671CC89AE67F9A7FCD07F622D7,MD5,medium,low,AB,deneme
deneme5,01867DE7BEB1CDBFC3D9900B7CED23CF,MD5,medium,low,AB,deneme

 

 

0 Kudos
7 Replies
PhoneBoy
Admin
Admin
‎2020-11-04 08:12 AM

Your first few lines should be as shown here: https://sc1.checkpoint.com/documents/R80.40/WebAdminGuides/EN/CP_R80.40_ThreatPrevention_AdminGuide/... 

0 Kudos
Cagri
Explorer
‎2020-11-06 01:13 AM
In response to PhoneBoy

I have another question;

I have 12000 md5 hash file and this file is always updated. I want these hash files sent to the management server. How can these processes?

0 Kudos
PhoneBoy
Admin
Admin
‎2020-11-08 08:35 PM
In response to Cagri

You can script the same command above as well as a policy install for it to take effect. 

0 Kudos
Nir_Naaman
Employee
Employee
‎2022-03-05 12:23 PM
In response to Cagri

Is your objective loading the hashes into the management server, or enforcing them on the gateway? If the latter, have you considered using sk132193 Custom Intelligence Feeds? Instead of pushing policy from your management, you can configure your gateways to pull indicators from a feed. And, if you're looking for a managed facility, you could pull the input feed into Infinity NDR, and configure your gateways to pull from there.

0 Kudos
pfilipe
Participant
‎2022-03-03 01:45 AM

Hello Cagri, 

 

Could you provide the CSV you implemented so i can see the correct file format?

I keep getting the error Indicator in r ow 1 has less fields than expected as well.

 

 

0 Kudos
the_rock
Champion
Champion
‎2022-03-05 01:27 PM
In response to pfilipe

This is what TAC provided me couple years ago when I was trying same thing. We could not get it working with CSV file, so they suggested create file with extension .csv on mgmt server and try below. I actually like this approach...see if it works for you, as I tried it many times and never had an issue. I know its lots of manual typing, but once file is ready, works like a charm.

 

So say you wanted to block 3 IP addresses...you could do this:

cd /var/log

touch blocked_ip_addresses.csv

vi blocked_ip_addresses

name,ip-address

bad_ip_1.1.1.1,1.1.1.1

bad_ip_1.1.1.2,1.1.1.2

bad_ip_1.1.1.3,1.1.1.3

and do on

then you run mgmt_cli add host --batch blocked_ip_addresses.csv

--->To add address-range via API:mgmt_cli add address-range --batch address-ranges_full.csv#cat address-ranges_full.csvname,ip-address-first,ip-address-lastrange1,10.0.0.0,10.0.0.100---> To add a network via API:mgmt_cli add network --batch networks.csv#cat networks.csvname,subnet,subnet-masknetwork1,10.10.10.0,255.255.255.0network2,20.20.20.0,255.255.255.0network3,30.30.30.0,255.255.255.0---> To add a host mgmt_cli add host --batch test.csv#cat test.csvname,ip-addressobj1,192.168.1.1

pfilipe
Participant
‎2022-03-08 09:29 AM
In response to the_rock

Will try and see!

0 Kudos