Overview
Security Flow Checkpoint Plugin provides the ability to automate Check Point network analysis and firewall management.
Functionality
This plugin supports operations that allow you to:
- Add a domain to a block list
- Remove a domain from a block list
- Send broadcast block/unblock domain events to any plugin configured to listen for the broadcast
Instance Configuration Parameters
Name for Check Point instance.
Unique name for the Check Point Instance.
IP or hostname where Check Point is running.
Valid user name for the Check Point server.
Valid password for the user name on the Check Point server.
Confirm valid password for the user name on the Check Point server.
Enabled by default. Broadcasts a DXL event to unblock the domain.
Enabled by default. Broadcasts a DXL event to block the domain.
Flow Nodes
The display name of the node within the flows.
ID name for the specific Checkpoint Instance. This ID is part of the DXL service name: “/nevelexlabs/service/checkpoint/[unique_id]”
This field provides the ability to:
- Add Block – add a domain to the block list,
- Delete Block – remove a domain from the block list.
Specifies the domain to be blocked or unblocked. The domain can be a domain name (nevelex.com), an IP address (10.10.10.1), or an IP address range (10.1.2.3-10.4.5.6). This field defines the location from the message, flow, global, or JavaScript expression to use as the data source for the list operation. Additionally, the node context can also be changed. The following contexts are supported:
- msg. – This selects part of the incoming message as the source of the data. This is the typical choice.
- flow. – This selects part of the flow context’s saved data as the source. This information is shared with only the nodes on a given tab.
- global. – This selects part of the global context’s saved data as the source. This information is shared by all nodes regardless of tab.
- J: expression – JSONata expression language to perform query and transform operations on the payload.
Checkbox to include subdomains in the block/unblock.
The display name of the node within the flows. This can be any name and is the name used to identify this node.
Block or Unblock for blocking or unblocking the domain named below. Currently the Block/Unblock Broadcast nodes are sent to the following plugins when the plugins are configured to listen for them: InfoBlox, McAfee Web Gateway (MWG), and Checkpoint:
- Block – Broadcasts a DXL event to block the domain configured by Domain
- Unblock – Broadcasts a DXL event to unblock the domain configured by Domain
Specifies which domain is to be blocked or unblocked (applies to all plugins configured to listen).
JSON Message Format
The following samples show the JSON content added to the message payload, which conforms to the Node Messaging Format. The content exists within the checkpoint object.
Login Success
The italicized, green text is inserted into the message payload upon a successful request.
"payload": {
  "checkpoint": {
    "uid": "ea6b168b-87d8-4ab6-9a8c-89c422dbde88",
    "name": ".www.example.com",
    "type": "dns-domain",
    "domain": {
      "uid": "41e821a0-3720-11e3-aa6e-0800200c9fde",
      "name": "SMC User",
      "domain-type": "domain"
    },
    "meta-info": {
      "lock": "unlocked",
      "validation-state": "ok",
      "last-modify-time": {
        "posix": 1478675596098,
        "iso-8601": "2016-11-09T09:13+0200"
      },
      "last-modifier": "aa",
      "creation-time": {
        "posix": 1478675596098,
        "iso-8601": "2016-11-09T09:13+0200"
      },
      "creator": "aa"
    },
    "tags": [],
    "read-only": true,
    "comments": "",
    "color": "black",
    "icon": "Objects/domain",
    "is-sub-domain": false
  }
}
Add Domain Success
The italicized, green text is inserted into the message payload upon a successful request. In this example the domain name to add is “www.example.com”:
"payload": {
  "checkpoint": {
    "uid": "session uid (used in add-access-rule and publish)",
    "name": "www.example.com",
    "type": "dns-domain",
    "domain": {
      "uid": "domainuid",
      "name": "domain user",
      "domain-type": "domain type"
    },
    "meta-info": {
      "lock": "unlocked or locked",
      "validation-state": "ok",
      "last-modify-time": {
        "posix": "time in posix format",
        "iso-8601": "time in iso format"
      },
      "last-modifier": "a uid",
      "creation-time": {
        "posix": "time in posix format",
        "iso-8601": "time in iso format"
      },
      "creator": "a uid"
    },
    "tags": [],
    "read-only": true or false,
    "comments": "",
    "color": "black",
    "icon": "Objects/domain",
    "is-sub-domain": true or false
  }
}
Delete Success
The italicized, green text is inserted into the message payload upon a successful request.
"payload": {
  "checkpoint": {
    "message": "OK"
  }
}
Error
The italicized, maroon text is inserted into the message payload upon a failed request.
"payload": {
  "checkpoint": {
    "message": " run-time error (such as License Expired)"
  }
}
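A downstream Function node can use these shapes to confirm that a block actually took effect instead of assuming it did. The following is an added example, not code from the plugin; the function names and status labels are assumptions, and only the response shapes shown above are recognised.

```javascript
// Added example, not the plugin's own code. Anything that does not match a
// response shape documented on this page is reported as "unknown" for review.

// The first sample's name carries a leading dot (".www.example.com"), the
// second does not; compare without it and case-insensitively.
function normalizeDomain(name) {
  return String(name).trim().toLowerCase().replace(/^\./, "");
}

function classifyCheckpointResult(msg, requestedDomain) {
  const cp = msg && msg.payload && msg.payload.checkpoint;
  if (cp === null || typeof cp !== "object") {
    return { status: "unknown", detail: "no checkpoint object in payload" };
  }
  // Add success: a full object carrying uid, name and type.
  if (cp.type === "dns-domain" && typeof cp.uid === "string") {
    if (normalizeDomain(cp.name) !== normalizeDomain(requestedDomain)) {
      return { status: "mismatch", detail: `object is for ${cp.name}` };
    }
    return { status: "added", detail: cp.uid, subdomains: cp["is-sub-domain"] === true };
  }
  // Delete success and errors both arrive as a bare "message" string,
  // so only the exact text "OK" counts as success.
  if (typeof cp.message === "string") {
    const text = cp.message.trim();
    return text === "OK"
      ? { status: "deleted", detail: text }
      : { status: "error", detail: text };
  }
  return { status: "unknown", detail: "unrecognised response shape" };
}

// Constructed inputs modelled on the samples above.
const addOk = { payload: { checkpoint: {
  uid: "ea6b168b-87d8-4ab6-9a8c-89c422dbde88", name: ".www.example.com",
  type: "dns-domain", "is-sub-domain": false } } };
const delOk = { payload: { checkpoint: { message: "OK" } } };
const failed = { payload: { checkpoint: {
  message: " run-time error (such as License Expired)" } } };

console.log(classifyCheckpointResult(addOk, "www.example.com").status);
console.log(classifyCheckpointResult(delOk, "www.example.com").status);
console.log(classifyCheckpointResult(failed, "www.example.com").status);
```

Routing on "error", "mismatch" and "unknown" to an alert keeps a failed block (for example, an expired license) from passing as a completed one.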
©Nevelex Labs, LLC. 2018-2024, All Rights Reserved.