This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
asher
Contributor
‎2020-04-28 06:22 AM

How to see all files that blocked in threat emulation

Hello

 

We have gateway appliance that working with remote threat emulation to emulation appliances.

We have external dashboard that presents lists of all files that blocked on others cyber products with few details: filename hash, url or email from where files download or sent.

We want to send details also from checkpoint sandblast with api or other scripts to that dashboard.

Any ideas?

 

I tried to use tecli commands but I didnt see file names of malicious files, I see only hashes and I cant create trigger to export the details to the External dashboard.

  •  
3 Replies
PhoneBoy
Admin
Admin
‎2020-04-28 10:35 AM

There are no specific APIs to pull this information.
Best to pull the relevant details from the logs.
These can be pulled from the CLI using CPLogFilePrint and parsed by a script.

asher
Contributor
‎2020-04-28 12:38 PM
In response to PhoneBoy

There is SK for that command how we use it?

PhoneBoy
Admin
Admin
‎2020-04-28 03:42 PM
In response to asher

It's not documented in an SK, mostly because the format of the output from that command can change from version to version.
I'm also not 100% sure the information will be contained in the logs.

Log Exporter to a syslog server might also be an option and you'll have to parse the info from that.

In any case, if you want a supported API for this, it will have to be handled as an RFE, possibly with your local Check Point office.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events