This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
mszastak
Explorer
‎2020-10-19 04:04 AM

Automate CloudGuard to check and upload new snort rules via API

Hi,
I am looking for the documentation where I can be able to configure CloudGuard to have new snort rules uploaded via API. I have some TI snort rules every week and API to get new rules but I do not see any function in CloudGuard to have it automated to check, download and apply these rules from 3rd part. Thank you in advance.

Regards,
Matt

0 Kudos
2 Replies
PhoneBoy
Admin
Admin
‎2020-10-19 06:55 AM

This is covered in the Threat Prevention Admin guide: https://sc1.checkpoint.com/documents/R80.40/WebAdminGuides/EN/CP_R80.40_ThreatPrevention_AdminGuide/...

Note we do not support all snort signature attributes (refer to manual for precise limitations).
For the signatures to take effect on the gateways, a Threat Prevention policy install will be required.

mszastak
Explorer
‎2020-10-21 02:04 AM
In response to PhoneBoy

Thank you @PhoneBoy  ! This should works I guess. One question more.

Adding a file with this text inside only should works or I need to convert it to a json?

rule.txt

alert tcp any any -> any any (msg:"Possible exploit"; content:"|90|";)

0 Kudos