Re: Auto-Updating custom URL block list

Aaron_Rose

I created this script a bit ago, but I thought it would be worth sharing. At a high level the script:

- Runs on Check Point's GAIA (using the built in python modules)
- Downloads a list of URLs from GitHub
- Parses the URLs from the list and adds them to a custom application/site object
- Pushes policy (by default it only publishes policy, but you can uncomment the lines to install as well)
- This object can be used for dynamic allow/block lists
Requirements
- Python 2.7 or greater
- Check lines 12 & 13 - be sure to download the CA bundle as instructed
Setup
- Clone the Python script to your host
- Download the CA bundle (see above)
- Modify the variables:
  - Line 15 - Add the URL of the suspicious domain list on GitHub (or similar repository) that you would like to use
  - Line 17 - Change the name of the Application/Site URL object that will be created if you wish
  - Line 20 - Change the domain if you're using this in a Multi-Domain environment
  - Line 21 - Name of your policy package if not "Standard"
  - Line 22 - Installation Targets (gateway name)
- For unattended (cron, etc.) use:
  - Line 19 - Add your API Key
  - Uncomment line 115 and comment out lines 109 - 112

https://github.com/aaronroseio/autoupdateurls

Aaron Rose, Security Architect Manager, Office of the CTO

the_rock · ‎2021-06-28

Hey Aaaron,

That looks interesting...question for you. Is there an official list or sk article about scripts available for different purposes? I ask because I know TAC has official stance that scripting is not supported.

PhoneBoy · ‎2021-06-28

Officially supported (by TAC) scripts are in SecureKnowledge.
Don't think we have a comprehensive list.

Aaron_Rose · ‎2021-06-28

Yes, you're correct. TAC can't support all scripts, since many are made outside of R&D - so TAC would be stretched attempting to digest the technical details & flow of each script, and then trying to support something they aren't familiar with. Officially supported scripts can be found in SecureKnowledge, as pointed out by @PhoneBoy

Aaron Rose, Security Architect Manager, Office of the CTO

JonasNyquist · ‎2025-01-09

Hello Aaron!
I have a question regarding the script that you wrote some time back.
I was planning on "borrowing" some code from you, if you don't mind, and I have two questions:
1. What is the certificate bundle used for? Is it "just" for the SSL connection when you download the "suspiciousdomains.txt" file, or does it have any use for the script?
My thinking is if it necessarily have to be the "cacert.pem" referenced in the script, or could it be one from a Check Point setup as well? As long as it has the CA cert chain for whatever is the server from where you download the "suspiciousdomains.txt" file from, correct?

Kind regards,

Jonas

Filters

Sort By

Categories

Auto-Updating custom URL block list

Requirements

Setup

Disclaimer: Check Point does not provide maintenance services or technical or customer support for third party content provided on this Site, including in CheckMates Toolbox. See also our Third Party Software Disclaimer.