Tomer Sole

Did you know? Add Snort Protections with R80.10 API

Discussion created by Tomer Sole Expert on Apr 9, 2018
Latest reply on Apr 9, 2018 by Tomer Sole

1. Place the Snort protections file on your Management server

 

2. Import it to your Security Management Server:

 

a. Log in with valid Check Point admin credentials, so that the change will be audited under the relevant admin account.

mgmt_cli login user "[username]" password "[password]"

 

b. Import the protections file

mgmt_cli add threat-protections package-path "/path/to/community.rules" package-format "snort"

 

c. This command is asynchronous and returns a task ID. Track the progress of this task either with the "show task" command:

mgmt_cli show task task-id "2eec70e5-78a8-4bdb-9a76-cfb5601d0bcb"

(given 2eec70e5-78a8-4bdb-9a76-cfb5601d0bcb as the "task-id" value in the result of step b)

or with the utility described in "Using a-synchronous commands (e.g. publish, install-policy and run-script)"

 

d. Publish your changes 

mgmt_cli publish 

 

e. The "publish" command is also asynchronous, so you will need to track its progress as in step c

 

f. Install Policy 

mgmt_cli install-policy policy-package "standard" access true threat-prevention true targets.1 "corporate-gateway"

 

g. The "install-policy" command is also asynchronous, so you will need to track its progress as in step c

 

 

Now you can add your custom protections or connect your feeds to the gateway automatically. Audit logs and SmartConsole UI reflect this change.
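Steps a through g as one script, added here as an example (not part of the original post and not Check Point code): it saves the login session to a private file, reuses it with -s, and does not publish or install policy unless the previous task succeeded. The names MGMT_USER, MGMT_PASS, SID, the session file path and the helper functions are assumptions, and the JSON parsing assumes the one-key-per-line output of --format json.

```bash
#!/bin/bash
# Added example, not Check Point code. Assumed names: SID, MGMT_USER, MGMT_PASS.
# Usage after sourcing: import_snort /path/to/community.rules standard corporate-gateway
SID="${SID:-$HOME/.mgmt_cli_sid}"   # session file written by "login" (assumed path)

# Pull the first string value of a key out of mgmt_cli's JSON output.
json_field() { sed -n "s/.*\"$1\" *: *\"\([^\"]*\)\".*/\1/p" | head -n 1; }

# Step c: poll "show task" until the task is no longer "in progress".
# Any final status other than "succeeded" counts as a failure.
wait_task() {
  local id="$1" tries="${2:-120}" status
  [ -n "$id" ] || { echo "no task-id in command output" >&2; return 1; }
  while [ "$tries" -gt 0 ]; do
    status=$(mgmt_cli show task task-id "$id" --format json -s "$SID" | json_field status)
    case "$status" in
      succeeded) return 0 ;;
      "in progress") sleep 5 ;;
      *) echo "task $id: ${status:-no status}" >&2; return 1 ;;
    esac
    tries=$((tries - 1))
  done
  echo "task $id: timed out" >&2; return 1
}

# Run one task-producing command in the saved session, then track its task.
run_task() {
  local out
  out=$(mgmt_cli "$@" --format json -s "$SID") || return 1
  wait_task "$(printf '%s\n' "$out" | json_field task-id)"
}

import_snort() {
  local rules="$1" package="$2" gateway="$3" rc
  # Step a: keep the session file private; it authenticates later commands.
  ( umask 077; mgmt_cli login user "$MGMT_USER" password "$MGMT_PASS" > "$SID" ) || return 1
  # Steps b-g: each step runs only if the previous task succeeded.
  run_task add threat-protections package-path "$rules" package-format "snort" &&
    run_task publish &&
    run_task install-policy policy-package "$package" access true \
      threat-prevention true targets.1 "$gateway"
  rc=$?
  # On failure, drop unpublished changes instead of leaving them in the session.
  [ "$rc" -eq 0 ] || mgmt_cli discard -s "$SID" >/dev/null
  mgmt_cli logout -s "$SID" >/dev/null
  rm -f "$SID"
  return "$rc"
}
```

The password still appears on the mgmt_cli command line, as in step a, so run this from an account and host where other users cannot list your processes.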
