Threat Prevention API

What is the Threat Prevention Web API?

The Security Gateways inspect files intercepted from traffic. With the Threat Prevention API, you can upload files that were intercepted from traffic for inspection by the Security Gateways.

For example: The organizational Human Resources portal receives CVs from external users. When the files are sent directly to the Security Gateway, the Threat Emulation process can take a few minutes, during which the user must wait for a message that the file was uploaded. To improve user experience and prevent the wait, you can keep these files in a separate container, let the user know that the files were uploaded, and only then use the API to send the files for inspection by the Security Gateway.

There are two types of Threat Prevention APIs:

Both API types support Anti-Virus, Threat Emulation and Threat Extraction.

To access ThreatCloud through the Threat Prevention API, use the cloud API.

To access a local Security Gateway through the Threat Prevention API:

  • For Anti-Virus and Threat Emulation, you can use both types. If you select the cloud API, see the Accessing the API chapter in the Threat Prevention API Reference Guide.

  • For Threat Extraction, you can only use the local API.

Using the Local Threat Extraction Web API

To use the Threat Extraction API, you need to create an API key. After you create the API key, you can use it to connect to the gateway and send files for extraction.

The Web API key is created.

After the Web API key is created, you can deploy it to the clients.

For more information, see sk113599.