Threat Prevention API

What is the Threat Prevention Web API?

The Security Gateways inspect files intercepted from traffic. With the Threat Prevention API, you can upload files which were intercepted by traffic for inspection by the Security Gateways.

For example: The organizational Human Resources portal receives CVs from external users. When the files are sent directly to the Security Gateway, the Threat Emulation process can take a few minutes, during which the user must wait for a message that the file was uploaded. To improve user experience and prevent the wait, you can keep these files in a separate container, let the user know that the files were uploaded, and only then use the API to send the files for inspection by the gateway.

There are two types of Threat Prevention API:

• Cloud API which supports Anti-Virus, Threat Emulation and Threat Extraction. For more details on the Threat Prevention API, see the Threat Prevention API 1.0 Reference Guide.
• Local API on the gateway which supports only Threat Extraction.

Using the Local Threat Extraction Web API

To use the Threat Extraction API, you need to create an API key. After you create the API key, you can use it to connect to the gateway and send files for extraction.

To create the Threat Extraction Web API key:

1. In SmartConsole, double-click the gateway.
2. From the navigation tree, select Threat Extraction.
3. Select Enable API.
4. Install Policy.

The Web API key is created.

After the Web API key is created, you can deploy it to the clients.

To find the Web API key:

1. Open the CLI.
2. Open this file: vi/opt/CPUserCheckPortal/phpincs/conf/TPAPI.ini
3. The API key is in the api_key field.

   Note - You can change the api_key in the TPAPI.ini file. Changes are effective immediately.

For more information, see sk113599.