The Check Point Threat Prevention API lets you use Threat Prevention products through web services.
Threat Prevention API calls can be sent either to ThreatCloud or to a local appliance.
Here we focus on the Threat Prevention API to an appliance.
Threat Prevention API calls to an appliance are useful when we want to scan files and/or clean their suspicious parts in an environment where these files don't pass through the gateway traffic, but an appliance with Threat Emulation and/or Threat Extraction enabled is available.
Using API calls to Threat Emulation and/or Anti-Virus on the appliance, we detect whether files are malicious. Threat Emulation includes detection of unknown malware and zero-day attacks.
Using API calls to Threat Extraction on the appliance, we proactively block malware and can deliver reconstructed files to avoid delays.
Utilities
Video
Demonstrating the use of Threat Emulation API calls to Appliance via curl commands.
Documentation references
| Description | Link |
| --- | --- |
| Threat Prevention API reference guide. Note: The guide is common to both Cloud API and Appliance API, except for Threat Extraction API to appliance. | TPAPIRefGuide |
| SK for using API to appliance that includes Threat Extraction. | sk137032 |
| Using the Threat Emulation early malicious verdict feature via API (te_eb feature). | sk117168_chapter4 |
| Generating and retrieving the new Threat Emulation reports via API to appliance. | sk120357_chapter5 |
Enjoy