Ofer_Fichman
Employee Alumnus

Best Practices for Threat Prevention API Calls to Appliance

The Check Point Threat Prevention API lets you use Threat Prevention products through web services.   

Threat Prevention API calls can be sent either to ThreatCloud or to a local appliance.

This post focuses on Threat Prevention API calls to an appliance.

Threat Prevention API calls to an appliance are useful when we want to scan files and/or clean their suspicious parts in an environment where those files do not pass through the gateway traffic, but an appliance with Threat Emulation and/or Threat Extraction enabled is available.

Using API calls to Threat Emulation and/or Anti Virus on the appliance, we detect whether files are malicious. Threat Emulation includes detection of unknown malware and zero-day attacks.

Using API calls to Threat Extraction on the appliance, we proactively block malware and can deliver reconstructed files to avoid delays.

 

Utilities

| Name | Description | Link |
| --- | --- | --- |
| tp_api | ALL IN! Threat Emulation API, Threat Extraction API and Anti Virus API calls to an appliance. | https://github.com/CheckPointSW/appliance_tpapi/tree/master/tp_api |
| te_api | Threat Emulation API calls to an appliance | https://github.com/CheckPointSW/appliance_tpapi/tree/master/te_api |
| tex_api | Threat Extraction API calls to an appliance | https://github.com/CheckPointSW/appliance_tpapi/tree/master/tex_api |
| av_api | Anti Virus API calls to an appliance | https://github.com/CheckPointSW/appliance_tpapi/tree/master/av_api |

 

Video

A demonstration of Threat Emulation API calls to an appliance via curl commands.


Documentation references

| Description | Link |
| --- | --- |
| Threat Prevention API reference guide. Note: The guide is common to both Cloud API and Appliance API, except for Threat Extraction API to appliance. | TPAPIRefGuide |
| SK for using API to appliance that includes Threat Extraction. | sk137032 |
| Using the Threat Emulation early malicious verdict feature via API (te_eb feature). | sk117168_chapter4 |
| Generating and retrieving the new Threat Emulation reports via API to appliance. | sk120357_chapter5 |

 

Enjoy
