Hugo_vd_Kooij
Advisor

Customized activation Criteria

With IPS there is a simple mechanism to activate new (and updated???) entries based on a few simple criteria.

However we notice that customers are not pleased with this and want a more granular setting.

Is there a way to automate this? I could not find this in the API manual.

Say I want to build a matrix based on Confidence + Severity + Performance Impact and decide for each combination whether or not I want it active. Then I would like to automate this to adjust each IPS protection based on the rules in the matrix.

I would like to automate this in a way like this:

 1. Get a list of IPS protections with the 3 variables above.

 2. Based on my matrix either enable or disable each protection.

My questions:

 1. Is this description clear enough?

 2. Can this be done?

 

 

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin

This API should return IPS protections with the requested parameters: https://sc1.checkpoint.com/documents/latest/APIs/#cli/show-threat-protection~v1.9.1%20 
I assume they can be activated/changed in a specific profile with https://sc1.checkpoint.com/documents/latest/APIs/#cli/set-threat-protection~v1.9.1%20 


0 Kudos
3 Replies
Hugo_vd_Kooij
Advisor

So I would get the list through `show-threat-protections` and repeat until the list is complete. Then go over the list and get the details. Then finally see if they need to be adjusted and send in the adjustments.

Sounds like a project for a rainy afternoon. Which may happen soon enough. But today is rather sunny.

 

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
0 Kudos
PhoneBoy
Admin

There are a LOT of protections, thus a lot of API calls with limit/offset.
Definitely a "rainy afternoon" project...which will come soon enough, I'm sure.

0 Kudos
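
The workflow discussed in this thread (page through the protections with limit/offset, compare each one against a matrix, send only the changes that are needed), as an added example that is not part of any post above. `call` is a hypothetical transport function that sends one Management API command and returns the parsed JSON; the matrix entries, the profile name and the response field names are assumptions to check against the API reference linked in the accepted answer.

```python
# Added example. Command and field names follow the Management API reference
# linked in the thread and are assumptions to verify against your API version.

# Constructed matrix: (confidence-level, severity, performance-impact) -> action.
# Combinations that are not listed are left untouched.
MATRIX = {
    ("High", "Critical", "Low"): "Prevent",
    ("High", "High", "Medium"): "Detect",
    ("Low", "Low", "High"): "Inactive",
}

def iter_protections(call, limit=500):
    """Page through show-threat-protections with limit/offset until 'total'."""
    offset = 0
    while True:
        page = call("show-threat-protections",
                    {"limit": limit, "offset": offset, "details-level": "full"})
        items = page.get("protections", [])
        yield from items
        offset += len(items)
        if not items or offset >= page.get("total", 0):
            return

def current_action(protection, profile):
    """Final action of a protection in one profile, or None if not reported."""
    for entry in protection.get("profiles", []):
        if entry.get("name") == profile:
            return entry.get("final", {}).get("action")
    return None

def plan_changes(call, profile, matrix=MATRIX):
    """Build set-threat-protection payloads only where the action must change."""
    plan = []
    for p in iter_protections(call):
        key = (p.get("confidence-level"), p.get("severity"),
               p.get("performance-impact"))
        wanted = matrix.get(key)
        if wanted and wanted != current_action(p, profile):
            plan.append({"name": p["name"],
                         "overrides": [{"profile": profile, "action": wanted}]})
    return plan

def apply_plan(call, plan):
    """Send each planned override, then publish the session once."""
    for payload in plan:
        call("set-threat-protection", payload)
    if plan:
        call("publish", {})
    return len(plan)
```

Reviewing the output of `plan_changes` as a dry run before calling `apply_plan` keeps the number of write calls small and gives a record of which protections the matrix would change.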
