Threat Prevention CLI Commands
How to run commands from the CLI (Command Line Interface) to install Threat Prevention policy and for IPS (Intrusion Prevention System) and advanced Threat Emulation (TE) management.
In any case of conflict between the CLI commands and the SmartConsole configuration, the CLI commands will be enforced.
mgmt_cli install-policy <options>
Description: Run this command on the Security Management Server to install the Threat Prevention policy on the specified Security Gateways.
Syntax: mgmt_cli install-policy <options>
Note: For more information, see Check Point Management API Reference.
te_add_file
Description: Use this command to manually send files for threat emulation. The command has to be run from expert mode. For a complete explanation of all the available parameters, run te_add_file.
Syntax: te_add_file -f= <file path> -d= <directory path>
Parameter | Description |
---|---|
-f= | Specifies the path to the file. You must include the file name at the end of the path. |
-d= | Specifies the path to a directory. The command takes all the files in the directory and sends them for emulation. |
Comments: ted is the Threat Emulation daemon.
tecli
The tecli commands:
- Control local cache
- Show information about the Threat Emulation system
- Run advanced options
- Show status of emulation downloads, statistics and processes
- Configure affinity for TED (Threat Emulation Daemon)
Description: Resets the emulation statistics for the Security Gateway or appliance.
Syntax: tecli advanced clear
Description: Deletes all the records in the local cache.
Syntax: tecli cache clean
Description: Enable and disable debug mode for Threat Emulation.
Syntax: tecli debug {on|off|scan local {enable|disable}}
Parameter | Description |
---|---|
on | Enables debug mode |
off | Disables debug mode |
scan local enable | Enables the appliance or Security Gateway to scan local connections |
scan local disable | Stops the appliance or Security Gateway from scanning local connections |
tecli show commands show data and statistics about the Threat Emulation Software Blade. You can also use abbreviated parameters to run tecli show commands. These are some useful command combinations:
Command | Description |
---|---|
 | Shows emulation statistics |
 | Shows information about ThreatCloud emulation |
 | Shows the quota for ThreatCloud emulation |
 | Shows the current status of the emulation queue |
 | Shows all the parts of file emulation |
Description: Shows data and statistics about your ThreatCloud account.
Syntax: tecli show cloud {identity|info|quota}
Parameter | Description |
---|---|
identity | Shows data about how the Security Gateway or Threat Emulation appliance connects to the ThreatCloud |
info | Shows data about your file emulation in the ThreatCloud |
quota | Shows data about your ThreatCloud monthly emulation quota |
Description: Shows data about Threat Emulation queue and VMs (Virtual Machines).
Syntax: tecli show emulator {emulations|vm {synopsis|detailed|id <ID>}}
Parameter | Description |
---|---|
emulations | Shows the current status of the emulation queue |
vm synopsis | Shows a summary of the VMs |
vm detailed | Shows data and details of the VMs |
vm id <ID> | Shows data for the VM with this ID |
Description: Shows data and statistics about files and rules that Threat Emulation is downloading.
Syntax: tecli show downloads {all|images|dr|sa|raw|types}
Parameter | Description |
---|---|
all | Shows the status of all downloads |
images | Shows download status of operating system images |
dr | Shows download status of malware detection rules |
sa | Shows download status of static analysis rules |
raw | Shows download status of general Threat Emulation files |
types | Shows the file extensions that are being sent for emulation |
Description: Shows data and statistics about the Threat Emulation appliance.
Syntax: tecli s r i or tecli show remote information
Description: Shows statistics for the Threat Emulation appliance or Security Gateway.
Syntax: tecli s s or tecli show statistics
Description: Shows data about file emulation for each time interval.
Syntax: tecli show throughput {minute|hour|day|month}
Parameter | Description |
---|---|
minute | Shows how many files completed emulation for each minute |
hour | Shows how many files completed emulation for each hour |
day | Shows how many files completed emulation for each day |
month | Shows how many files completed emulation for each month |
Description: Shows all the parts of file emulation:
- Prepare
- Processing
- Finalizing
The output shows the number of files for each task in the emulation part.
Syntax: tecli u a or tecli show unit all
Managing IPS Security Gateways through CLI
See the R81.10 CLI Reference Guide > Chapter IPS Commands > Section ips.
How to use the Threat Prevention CLI commands to manage IPS on your Security Gateways.