I have set up a lab to demonstrate the use of the API to pass files to an on-premise SandBlast Threat Emulation Appliance for scanning for zero-day threats.
This allows organisations to have almost any part of their infrastructure refer files to SandBlast.
We have seen several use cases, but the most common is a web infrastructure that accepts files from external users and passes them into a workflow system in the organisation's infrastructure, for example:
- Customer wants to open a new account, and must provide proof of ID or other supporting document
- Customer has opened an insurance claim and must provide evidence of damage
These files can be accepted by the web application server from the customer, then checked for threats before being passed on to the organisation's internal workflow system.
The web infrastructure will receive a verdict from Check Point SandBlast and can then decide what to do, depending on the organisation's needs.
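The decision step described above could look like the following sketch. It is an added example, not the script used in the lab and not Check Point code. The `scan` callable that wraps the real API request, the verdict labels `benign` and `pending`, and the directory layout are all assumptions.

```python
import hashlib
import shutil
from enum import Enum
from pathlib import Path


class Action(Enum):
    RELEASE = "release"        # hand the file to the internal workflow
    QUARANTINE = "quarantine"  # keep it away from the workflow for review
    HOLD = "hold"              # emulation not finished; ask again later


def decide(verdict):
    """Map a verdict label (hypothetical names) to an action, failing closed."""
    if verdict == "benign":
        return Action.RELEASE
    if verdict == "pending":
        return Action.HOLD
    # Malicious, errors, timeouts and unrecognised labels are never released.
    return Action.QUARANTINE


def gate_upload(upload, scan, release_dir, quarantine_dir):
    """Scan one uploaded file and move it according to the verdict.

    `scan` is a caller-supplied function (path, sha256_hex) -> verdict label
    that wraps the actual request to the appliance (assumption).
    """
    digest = hashlib.sha256(upload.read_bytes()).hexdigest()
    try:
        verdict = scan(upload, digest)
    except Exception:
        verdict = "error"  # appliance unreachable or bad response
    action = decide(verdict)
    if action is Action.HOLD:
        return action, upload  # leave the file in the upload area
    target_dir = release_dir if action is Action.RELEASE else quarantine_dir
    target_dir.mkdir(parents=True, exist_ok=True)
    # Store under the hash, not the customer-supplied file name.
    dest = target_dir / digest
    shutil.move(str(upload), str(dest))
    return action, dest
```

Only an explicit benign verdict releases a file, so a failure of the scanning path cannot become a bypass of the check.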
The demonstration was created in a lab environment, which is documented in the video and the attached PDF file.
The script used in the lab was created by Thomas Werner, and is available and documented here:
https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/Using-SandBlast-API-from-commandl...
Video of the demo with walk-through and explanation: