Employee

Best Practices for Threat Prevention API Calls to Appliance

The Check Point Threat Prevention API lets you use Threat Prevention products through web services.   

Threat Prevention API calls can be made either to Threat-Cloud or to a local appliance.

Here we focus on Threat Prevention API to Appliance.

We can use Threat Prevention API calls to an appliance when we’d like to scan files and/or clean their suspicious parts in an environment where these files don’t go through the gateway traffic, but there’s an appliance with Threat Emulation and/or Threat Extraction enabled.

Using API calls to Threat Emulation on the appliance, we detect whether files are malicious. This includes detecting unknown malware and Zero-day attacks.

Using API calls to Threat Extraction on the appliance, we proactively block malware and are able to deliver reconstructed files to avoid delays.

 

Utilities

| Description | Attachment name |
| --- | --- |
| A Python client-side utility for using both Threat Emulation & Threat Extraction API calls to an appliance. The ReadMe.txt found inside will guide you through. | TPAPI_to_Appliance.zip |
| A slim Python client-side utility for just using Threat Emulation API calls to an appliance. The ReadMe.txt found inside will guide you through. | TE_API_to_Appliance.zip |

 

Video

Demonstrating the use of Threat Emulation API calls to Appliance via curl commands.

Documentation references

| Description | Link |
| --- | --- |
| Threat Prevention API reference guide. Note: The guide is common to both Cloud API and Appliance API, except for Threat Extraction API to appliance. | TPAPIRefGuide |
| SK for using API to appliance that includes Threat Extraction. | sk137032 |
| Using the Threat Emulation early malicious verdict feature via API (te_eb feature). | sk117168_chapter4 |
| Generating and retrieving the new Threat Emulation reports via API to appliance. | sk120357_chapter5 |

 

Enjoy

1 Reply
Admin

Very nice!
