Hello,
I know you can do this via Python and CheckPoint API, But I do not know how to perform this via SmartConsole.
I will share it below, it may be helpful for you friend.
import requests
import json
import time
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
url = 'https://XXX.XXX.XXX.XXX/web_api/login'
headers = {"Content-Type": "application/json"}
credentials = {"apiuser" : 'APIKEY'}
data = json.dumps(credentials)
payload = requests.post(url=url, headers=headers, data=data, verify=False)
json_response = json.loads(payload.text)
sid = json_response['sid']
#print("\nThe ID of session is: ", sid)
url = 'https://XXX.XXX.XXX.XXX/web_api/show-package'
headers = {"Content-Type": "application/json", "X-chkp-sid": sid}
package = {'name' : 'Standard'}
data = json.dumps(package)
payload = requests.post(url=url, headers=headers, data=data, verify=False)
json_response = json.loads(payload.text)
for package in json_response["access-layers"]:
package_name = package['name']
package_uid = package['uid']
print("\nThe name of the packet show-package is: ", package_name)
print("The UID of package show-package is: ", package_uid, "\n")
url = 'https://XXX.XXX.XXX.XXX/web_api/show-access-rulebase'
headers = {"Content-Type": "application/json", "X-chkp-sid": sid}
filter = {'uid' : package_uid, 'show-hits' : 'true',}
data = json.dumps(filter)
payload = requests.post(url=url, headers=headers, data=data, verify=False)
json_response = json.loads(payload.text)
for policy in json_response["rulebase"]:
name_policy = policy["name"]
hits = policy['hits']
if hits['value'] > 740000:
hitsNumber = hits['value']
email_subject = "Alert: Rule violated in Check Point policy"
email_message = "The '{0}' rule was hit with {1} hits.".format(name_policy,hitsNumber)
print(email_subject)
print(email_message,"\n")
It is worth remembering that it is necessary to change some information, such as IP, user, password, name of policies and etc.
