asher
Contributor

How to see all files that were blocked in Threat Emulation

Hello,

We have a gateway appliance that is working with remote Threat Emulation to emulation appliances.

We have an external dashboard that presents lists of all files that were blocked on other cyber products, with a few details: filename, hash, and the URL or email from which the files were downloaded or sent.

We also want to send details from Check Point SandBlast to that dashboard, with an API or other scripts.

Any ideas?

I tried to use tecli commands, but I didn't see the file names of malicious files. I see only hashes, and I can't create a trigger to export the details to the external dashboard.

3 Replies
PhoneBoy
Admin

There are no specific APIs to pull this information.
Best to pull the relevant details from the logs.
These can be pulled from the CLI using CPLogFilePrint and parsed by a script.

asher
Contributor

Is there an SK for that command? How do we use it?

PhoneBoy
Admin

It's not documented in an SK, mostly because the format of the output from that command can change from version to version.
I'm also not 100% sure the information will be contained in the logs.

Log Exporter to a syslog server might also be an option and you'll have to parse the info from that.

In any case, if you want a supported API for this, it will have to be handled as an RFE, possibly with your local Check Point office.
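
The log-parsing approach suggested in this thread, as an added example that is not part of the original posts and is not Check Point code: a Python filter that turns exported log lines into records for an external dashboard. The `key:"value";` line layout, the backslash escaping of quotes, and every field name (`product`, `action`, `file_name`, `file_md5`, `file_sha1`, `resource`, `from`, `to`) are assumptions to check against the real export output, and the sample lines are constructed.

```python
import re

# Assumed layout: key:"value" pairs separated by ';' inside one log line.
# Values may contain backslash-escaped quotes (assumption); file names are
# chosen by the sender, so the parser must not stop at an embedded quote.
PAIR_RE = re.compile(r'(\w+):"((?:[^"\\]|\\.)*)"')

# Fields forwarded to the dashboard (assumed names, verify on your version).
WANTED = ("file_name", "file_md5", "file_sha1", "resource", "from", "to")


def parse_line(line):
    """Return every key:"value" pair of one log line as a dict."""
    return {k: v.replace('\\"', '"') for k, v in PAIR_RE.findall(line)}


def blocked_files(lines):
    """Yield one record per Threat Emulation event whose action is Prevent."""
    for line in lines:
        rec = parse_line(line)
        if rec.get("product") != "Threat Emulation":
            continue  # other blades (Firewall, IPS, ...) are not of interest
        if rec.get("action") != "Prevent":
            continue  # detect-only events were not blocked
        yield {k: rec[k] for k in WANTED if k in rec}


# Constructed sample lines, not taken from a real gateway.
SAMPLE = [
    r'<134>1 2024-01-01T10:00:00Z gw1 CheckPoint 1 - [action:"Prevent"; '
    r'product:"Threat Emulation"; file_name:"invoice \"final\".doc"; '
    r'file_md5:"00000000000000000000000000000000"; '
    r'resource:"http://files.example.test/invoice.doc"]',
    r'<134>1 2024-01-01T10:05:00Z gw1 CheckPoint 1 - [action:"Prevent"; '
    r'product:"Threat Emulation"; file_name:"report.pdf"; '
    r'file_sha1:"1111111111111111111111111111111111111111"; '
    r'from:"sender@example.test"; to:"user@example.test"]',
    r'<134>1 2024-01-01T10:06:00Z gw1 CheckPoint 1 - [action:"Detect"; '
    r'product:"Threat Emulation"; file_name:"macro.xls"]',
    r'<134>1 2024-01-01T10:07:00Z gw1 CheckPoint 1 - [action:"Accept"; '
    r'product:"Firewall"; service:"443"]',
]

if __name__ == "__main__":
    for record in blocked_files(SAMPLE):
        print(record)
```

Because the output format can change from version to version, as noted above, a script like this should treat every field as optional and be re-checked after each upgrade.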