This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Robert_Decker
Advisor
‎2018-07-03 03:17 AM

R80 Management API tips and tricks - "show-objects" command

The show-objects API command is very useful for general objects search, by specifying the objects "type" parameter and filtering the results by "filter" parameter.

Here is a list of available object types (R80.10) that can be used:

access-role
address-range
administrator
application-site
application-site-category
application-site-group
data-center
data-center-object
dns-domain
dynamic-object
gateways-and-servers
group
group-with-exclusion
host
host-ckp
mds
multicast-address-range
network
opsec-application
scada-application
security-zone
service-dce-rpc
service-icmp
service-icmp6
service-other
service-rcp
service-sctp
service-tcp
service-udp
service-group
session
simple-gateway
tag
task
time
time-group
vpn-community-meshed
vpn-community-star
unused-object

The "filter" parameter can be made up as an expression, containing logical operators -  'AND', 'OR', in capital letters. The provided expression should be exactly the same as it would be given in SmartConsole GUI.

For example, to search all tcp services with names containing "aol" or "bgp", use - 

show-objects type service-tcp filter "aol OR bgp"

To search all tcp services having a name containing both "edonkey" and "466", use - 

show-objects type service-tcp filter "edonkey AND 466"

In addition, there are undocumented parameters "in" and "not in", for string matching in textual fields, such as name and comments.

For example, to search all tcp services containing "ext" in the name field, use - 

show-objects type service-tcp in.1 name in.2 ext

To search all tcp services containing "cifs" in the comments field, use - 

show-objects type service-tcp in.1 comments in.2 cifs

To search all tcp services NOT containing "cifs" in the comments field, use - 

show-objects type service-tcp not.in.1 comments not.in.2 cifs

Hope this helps.

Robert.

7 Replies
Kim_Moberg
Advisor
‎2018-07-03 03:23 AM

Awsome!!!

Best Regards
Kim
0 Kudos
Petr_Hantak
Advisor
Advisor
‎2018-07-03 04:25 AM

Thank you for it!

PhoneBoy
Admin
Admin
‎2018-07-03 06:10 PM

Curious, shouldn't this be in Developers (Code Hub)‌?

0 Kudos
_Val_
Admin
Admin
‎2018-07-04 02:34 AM

I would say yes

0 Kudos
Christian_Hofma
Employee
Employee
‎2018-11-28 12:33 PM

Hi Robert,

show objects is really nice, I would love to have the filters in all show commands.

Is there a way to filter by domain? Especially on services it would be super helpful to filter our the pre-defined ones from the "Check Point Data" domain as you cannot edit them.

Thanks

Christian

Luis_Miguel_Mig
Advisor
‎2021-08-27 08:36 AM
In response to Christian_Hofma

Is it possible to filter by more than one type ? For example type host or group.

0 Kudos
Luis_Miguel_Mig
Advisor
‎2021-09-03 01:59 AM
In response to Luis_Miguel_Mig

the best way I found was with a loop with an array  like this 


querytype: [host, group]

- name: Host Check
checkpoint_object_facts:
object_type: "{{item}}"
object_filter: "{{newip}}"
ip_only: yes

with_items:  "{querytype}'

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events