mszastak
Explorer

Automate CloudGuard to check and upload new snort rules via API

Hi,
I am looking for documentation on how to configure CloudGuard to have new snort rules uploaded via API. I have some TI snort rules every week and an API to get new rules, but I do not see any function in CloudGuard to automate checking, downloading and applying these rules from a 3rd party. Thank you in advance.

Regards,
Matt

0 Kudos
2 Replies
PhoneBoy
Admin

This is covered in the Threat Prevention Admin guide: https://sc1.checkpoint.com/documents/R80.40/WebAdminGuides/EN/CP_R80.40_ThreatPrevention_AdminGuide/...

Note that we do not support all snort signature attributes (refer to the manual for precise limitations).
For the signatures to take effect on the gateways, a Threat Prevention policy install will be required.

mszastak
Explorer

Thank you @PhoneBoy! This should work, I guess. One more question.

Should adding a file with only this text inside work, or do I need to convert it to JSON?

rule.txt

alert tcp any any -> any any (msg:"Possible exploit"; content:"|90|";)

0 Kudos
