Ivo_Hrbacek
Contributor

SmartEvent API/ different report formats?

Hi there,

Is there some plan to extend SmartEvent functionality with a REST API where I can get basic info about critical incidents for particular subnets in detect/prevent mode?

Or will there be some other export format for reports like XML, JSON?

Currently we are able to export data into PDF or Excel, but those are not so effective formats when you would like to start SOC services with machine processing.

ivo

4 Replies
PhoneBoy
Admin

Right now, SmartEvent is not available through the API.

I assume that plus other report formats are being looked at for later releases.

A bit more detail about your desired use cases will certainly be helpful.

Kfir Dadosh, Dan Zada

0 Kudos
Ivo_Hrbacek
Contributor

Hi,

Okay, thx for the reply. First, I will summarize the current status.

I can generate a PDF report, and I do not have a problem with the data in it (incidents, graphs, pictures, that's all okay). Anyway, if I would like to use, for example, the text area to customize this report for a presentation to security auditors, there is a big issue. I cannot customize the format of the report being generated into PDF (remove the Check Point logo, modify the main page fully).
The text area feature is not working very well. If you put more text data across two or three pages, once the PDF is generated there is only text from the first page, according to my testing.

When I choose to generate data into Excel format and I have a complex report with multiple pages and data tables, there are just a few tables generated, not all of them.

The reason for other formats like JSON or XML or an API interface is as follows: since I have to create my own report format and use data (in my case all is linked to a Confluence page where we summarize findings), I would like to put data from logs into the Confluence page in an automated way (not copy-paste from PDF or whatever else).
Once a week, a final report will be generated from the Confluence pages with all needed text in it (recommendations, findings, summary etc.) and of course data.

So the main need is to somehow process data automatically, since a lot of customers do not have a dedicated SOC analyst reading data from the console, and of course in 2018 more admins are going to automate lots of tasks like this with this approach. Personally, I would like to have some basic API to get data from logs (I do not care about fancy graphs; those can be added as an additional PDF attachment, generated normally as the PDF report Check Point has now), but a good start is at least to be able to generate data about incidents that is readable for machines. Now it's not so easy, as I realized. Even with Python PyPDF2 it is not so easy to get data from a complex PDF.

thx

ivo

Vladimir_Jandre
Explorer

Hi Dameon,

We are also looking into having a REST API that can deliver those events in JSON format.

Is there any update on when and if it is going to be released?

Thanks!

Vlad

0 Kudos
PhoneBoy
Admin

I don't have any updated timelines on this.

I would engage with your local office on your requirements.

0 Kudos
