The Check Point Threat Prevention API lets you use Threat Prevention products through web services.
Threat Prevention API calls can be used either to Threat-Cloud or to a local Appliance.
Here we focus on Threat Prevention API to Appliance.
We can use Threat Prevention API calls to an appliance, when we’d like to scan files and/or clean their suspicious parts, in an environment where these files don’t go through the gateway traffic, however there’s an appliance with Threat Emulation and/or Threat Extraction enabled.
Using API calls to Threat Emulation on the appliance, we detect whether files are malicious. This includes detecting unknown malware and Zero-day attacks.
Using API calls to Threat Extraction on the appliance, we proactively block malware and we are enabled to deliver reconstructed files to avoid delays.
Utilities
| Description | Attachment name |
|
A Python client side utility for using both Threat Emulation & Threat Extraction API calls to an appliance. The ReadMe.txt found inside, will guide you through. |
TPAPI_to_Appliance.zip |
|
A slim Python client side utility for just using Threat Emulation API calls to an appliance. The ReadMe.txt found inside, will guide you through. |
TE_API_to_Appliance.zip |
Video
Demonstrating the use of Threat Emulation API calls to Appliance via curl commands.
Documentation references
| Description | Link |
|
Threat Prevention API reference guide. Note: The guide is common to both Cloud API and Appliance API, except for Threat Extraction API to appliance. |
TPAPIRefGuide |
|
SK for using API to appliance that includes Threat Extraction. |
sk137032 |
| Using the Threat Emulation early malicious verdict feature via API (te_eb feature). | sk117168_chapter4 |
| Generating and retrieving the new Threat Emulation reports via API to appliance. | sk120357_chapter5 |
Enjoy
