Threat Prevention API

What is the Threat Prevention Web API?

The Security Gateways inspect files intercepted from traffic. With the Threat Prevention API, you can upload files which were intercepted by traffic for inspection by the Security Gateways.

For example: The organizational Human Resources portal receives CVs from external users. When the files are sent directly to the Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources., the Threat Emulation Check Point Software Blade on a Security Gateway that monitors the behavior of files in a sandbox to determine whether or not they are malicious. Acronym: TE. process can take a few minutes, during which the user must wait for a message that the file was uploaded. To improve user experience and prevent the wait, you can keep these files in a separate container, let the user know that the files were uploaded, and only then use the API to send the files for inspection by the Security Gateway.

There are two types of Threat Prevention APIs:

Cloud API - Used for:
- Accessing the Security Gateway - Supports Anti-Virus Check Point Software Blade on a Security Gateway that uses real-time virus signatures and anomaly-based protections from ThreatCloud to detect and block malware at the Security Gateway before users are affected. Acronym: AV. and Threat Emulation. For more details, see the Threat Prevention API Reference Guide.
- Directly accessing ThreatCloud The cyber intelligence center of all of Check Point products. Dynamically updated based on an innovative global network of threat sensors and invites organizations to share threat data and collaborate in the fight against modern malware. - Supports Threat Extraction Check Point Software Blade on a Security Gateway that removes malicious content from files. Acronym: TEX., Anti-Virus and Threat Emulation. For more details, see the Threat Prevention API Reference
Local API on the Security Gateway - Supports Threat Extraction, Anti-Virus and Threat Emulation. For more details, see Using the Local Threat Extraction Web API and sk137032.

Using the Local Threat Extraction Web API

To use the Threat Extraction API, you need to create an API key. After you create the API key, you can use it to connect to the gateway and send files for extraction.

To create the Threat Extraction Web API key

Step	Instructions
1	In SmartConsole Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on., double-click the Security Gateway.
2	From the navigation tree, select Threat Extraction.
3	Select Enable API.
4	Install Policy.

The Web API key is created.

After the Web API key is created, you can deploy it to the clients.

To find the Web API key

Step	Instructions
1	Open the CLI.
2	Edit this file: `vi /opt/CPUserCheckPortal/phpincs/conf/TPAPI.ini`
3	The API key is in the `api_key` field. Note - You can change the api_key in the `TPAPI.ini` file. Changes are effective immediately.

Step

Instructions

Open the CLI.

Edit this file: vi /opt/CPUserCheckPortal/phpincs/conf/TPAPI.ini

The API key is in the api_key field.

Note - You can change the api_key in the TPAPI.ini file. Changes are effective immediately.

For more information, see sk113599.