The Check Point Threat Prevention API lets you use Threat Prevention products through web services.
Threat Prevention API calls can be sent either to Threat-Cloud or to a local appliance.
Here we focus on the Threat Prevention API to an appliance.
We can use Threat Prevention API calls to an appliance when we'd like to scan files and/or clean their suspicious parts in an environment where these files don't pass through the gateway traffic, but an appliance with Threat Emulation and/or Threat Extraction enabled is available.
Using API calls to Threat Emulation on the appliance, we detect whether files are malicious. This includes detecting unknown malware and zero-day attacks.
Using API calls to Threat Extraction on the appliance, we proactively block malware and can deliver reconstructed files to avoid delays.
Utilities
| Description | Attachment name |
| --- | --- |
| A Python client-side utility for using both Threat Emulation & Threat Extraction API calls to an appliance. The ReadMe.txt found inside will guide you through. | TPAPI_to_Appliance.zip |
| A slim Python client-side utility for using just Threat Emulation API calls to an appliance. The ReadMe.txt found inside will guide you through. | TE_API_to_Appliance.zip |
Video
A demonstration of using Threat Emulation API calls to an appliance via curl commands.


Documentation references
| Description | Link |
| --- | --- |
| Threat Prevention API reference guide. Note: The guide is common to both Cloud API and Appliance API, except for Threat Extraction API to appliance. | TPAPIRefGuide |
| SK for using API to appliance that includes Threat Extraction. | sk137032 |
| Using the Threat Emulation early malicious verdict feature via API (te_eb feature). | sk117168_chapter4 |
| Generating and retrieving the new Threat Emulation reports via API to appliance. | sk120357_chapter5 |
Enjoy