Developer & DevSecOps

Explore popular DevSecOps use cases and learn how to seamlessly automate security through the entire application lifecycle.

DevSecOps and Automation Use Cases


Check Point API Python Development Kit

Simplifies the use of the Check Point Management APIs. The kit contains the API library files, and sample files demonstrating the capabilities of the library. The kit is compatible with Python 2 and 3.

Tags: #management #gaia #python #operate
Check Point CloudGuard IaaS Repository Overview

The repository contains: Solution/CloudFormation templates; tools and scripts that can be used with CloudGuard for Public Cloud solutions; deprecated Solution/CloudFormation templates; community-supported content.

Tags: #cloudguard-iaas #azure #aws #gcp #azure-stack #cft #terraform #bash #python #typescript #deploy #operate

As malicious threats evolve, the need for automated procedures to analyze evasion is rising. Here we provide a collection of all the known techniques used by threats to detect virtualized environments, grouped by category.

Tags: #evasion #malware #operate
Check Point Ansible Collection

This Ansible collection provides control over a Check Point Management server using Check Point's web-services APIs.

Tags: #ansible #staging #operate
Reputation service API

You can now take control of new Threat Prevention APIs powered by the largest Threat Cloud in the industry. All APIs are RESTful, simple to use and can be integrated as part of a SOAR application, home-made application and more!

Tags: #malware #evasion #operate
Export Import Policy Package

Check Point ExportImportPolicyPackage tool enables you to export a policy package from a Management database to a .tar.gz file, which can then be imported into any other Management database. The tool is supported for version R80.10 and above.

Tags: #management #operate
Smart Move

Check Point SmartMove tool enables you to convert a 3rd party database with firewall security policy and NAT to a Check Point database.

Tags: #management #staging #operate
Scout - Instruction based research debugger

"Scout" is an extendable basic debugger that was designed for use in those cases that there is no built-in debugger / gdb-stub in the debugee process / firmware. The debugger is intended to be used by security researchers in various scenarios

Tags: #build
Check Point Nano agent

Check Point Nano-Agents are an integral part of the Generation VI security solutions platform. The following repository contains Check Point Nano-Services and attachments, the building blocks of Nano-Agents. It is an open source project created to allow the community to view and add additional agents which will provide Check Point security to additional environments.

Tags: #operate
Check Point mgmt api go sdk

Check Point API Go Development Kit simplifies the use of the Check Point Management APIs. The kit contains the API library files, and sample files demonstrating the capabilities of the library.

Tags: #management #gaia #go #operate
Check Point Helm Charts Repository

This repository hosts Check Point's Helm Charts for deploying applications to Kubernetes.

Tags: #deploy #operate #Helm
Cuckoo SandBox on AWS

The project is an extension to Cuckoo Sandbox open source project; it adds support to AWS cloud functionalities and enables running emulations on auto-scaling infrastructure.

Tags: #operate #aws

InviZzzible is a tool for assessment of your virtual environments in an easy and reliable way. It contains the most recent and up to date detection and evasion techniques as well as fixes for them. Also, you can add and expand existing techniques yourself even without modifying the source code.

Tags: #deploy #operate #evasion #malware

Check Point PolicyCleanUp tool allows automatic cleanup of your policy based on hits count. The tool runs on a policy and a domain that you named.

Tags: #management #operate

The Show Package Tool allows the Security Policy as well as objects in the objects database to be exported into a readable format. This exported information represents a snapshot of the database.

Tags: #management #operate

"Karta" (Russian for "Map") is an IDA Python plugin that identifies and matches open-sourced libraries in a given binary. The plugin uses a unique technique that enables it to support huge binaries (>200,000 functions), with almost no impact on the overall performance.

Tags: #python #build
macOS MalwarePedia - Online malware encyclopedia

With a massive growth in new malware and infections, macOS security awareness is now more important than ever. Yet many people believe that if they are using macOS they are safe and should not be concerned about getting infected. Even though malware for macOS is years behind Windows malware in the sense of sophistication, complexity and number of infections, macOS malware is becoming more sophisticated as time goes by. Furthermore, it uses more ways to infect, evade and abuse the macOS architecture to deliver malware, for example - using applications signed with legitimate Apple developer certificates to avoid detection.

Tags: #malware #evasion #operate
Update Dynamic Objects

This page documents Python scripts that could be used to update dynamic objects over multiple remote access methods.

Tags: #gaia #python #operate
Query Oriented Programming

QOP is our approach to implementing common pwning primitives using nothing but SQL queries. We want to share it with the community in the hope of encouraging researchers to pursue the endless possibilities of database engine exploitation.

Tags: #python #operate
smart console interactions

A JavaScript library to interact with SmartConsole Extension Platform

Tags: #management #javascript #operate
Cyber Research

Tags: #malware #operate
Export Objects

Check Point ExportObjects tool enables you to export specific types of objects from a R80.10 Management database to a .csv file, which can then be imported into any other R80.10 Management database. This tool can be used for backups, database transfers, testing, and more.

Tags: #management #operate
Local To Global

Check Point LocalToGlobal tool enables you to copy objects from a local domain to the global domain.

Tags: #management #operate

Labeless is a plugin system for dynamic, seamless and realtime synchronization between IDA Database and debug backend. It consists of two parts: IDA plugin and debug backend's plugin.

Tags: #operate
Check Point App For Splunk

Check Point brings an advanced and real-time threat analysis and reporting tool for Splunk. The Check Point App for Splunk allows you to respond to security risks immediately and gain true insights about your network. You can collect and analyze millions of logs from all Check Point technologies and platforms across networks, Cloud, Endpoints and Mobile. This app uses the Check Point Log Exporter to seamlessly send logs from your Check Point log servers to your Splunk server

Tags: #splunk #operate

Software Defined Networks (SDN) is a paradigm for centrally controlling the behavior of network switches with a standard protocol (e.g., OpenFlow). The logic for forwarding the traffic in the network is centralized in a single software component called the controller.

Tags: #operate #deploy

This repository contains the source code for the cpmonitor - dump analyzing tool.

Tags: #gaia #operate
Android Application's Native Fuzzer

This tool consists of several parts, including a patched version of Android Runtime, the dalvikvm tool, GLib, QEMU and AFL. Together, these tools allow you to fuzz a user's custom lib wrapped in a DEX file on an actual Android device or an ARM device emulator.

Tags: #android #operate
Check Point API Java Development Kit

Check Point API Java Development Kit simplifies the usage of the Check Point R80.10 Management APIs. The kit contains the API library project, and a sample project demonstrating the capabilities of the library.

Tags: #management #operate #deploy #java
Check Point API C# Development Kit

Check Point API C# Development Kit simplifies the usage of the Check Point R80.10 Management APIs. The kit contains the API library project, and sample projects demonstrating the capabilities of the library.

Tags: #management #operate #deploy #c#
Android Unpacker

The tool is a patched version of AOSP with some additional scripts. The scripts execute the emulator and install the APK. Following execution, the tool dumps the unpacked version of the DEX using different hooks. The result is two files, one of which should be the real dumped version of the DEX file, depending on how the targeted packer works.

Tags: #research #android #malware #operate
Debug Instrumentation via Flash ActionScript

Common exploits. Browser plug-ins have always been an attractive target for attackers to exploit. In the last couple of years, the most prevalent attack platform was undoubtedly – Flash. With 250+ CVEs in 2016 alone, and incorporation in practically every exploit kit, Flash exploits are everywhere and deserve our attention.

Tags: #research #flash #operate

Welcome to Check Point API Reference

Check Point offers a variety of APIs, click to open the one that fits your automation needs.
For open source tools and samples, visit our Github account.


Configure and view the security policy and objects in a Security Management Server or Multi Domain Server using CLI tools and web-services


Configure and view Check Point’s Gaia operating system parameters using CLI tools and web-services


Cloud-based next-generation Threat Prevention and Threat Extraction APIs


Control Identity Awareness database for dynamic identity based enforcement


REST APIs of Management Cloud Service for SMB gateways


Connect your discovery engine to Check Point Security Management, to provide rich asset information and security policies for IoT

CloudGuard Connect

REST API for managing cloud-delivered security for your branch offices.


Using this API, developers can gain access to their Dome9 entities (e.g. alerts, compliance rules, Clarity, access leases, …) and cloud-inventory assets.



Allow developers to shift left and build more secure applications. Safeguard your applications by embedding security controls into the logic of your applications, and eliminate the threats associated with exposing users to content that comes from sources you cannot trust or control. Integrate Check Point ThreatCloud APIs to validate security, exposing malicious URLs, files, domains, IOCs, etc. with the strongest levels of threat intelligence.

Protect your users from malicious content

Leverage the world’s leading threat intelligence, zero-day malware analysis and prevention engines to secure your business applications and websites by using simple RESTful APIs.

API Services

URL Reputation

Reputation for URLs, Domains, IPs, File digests

File Scanning

Scan files for rapid in-depth sandbox malware analysis and verdict

Document Sanitization

Sanitize and neutralize malicious elements from documents

Use Case

Whether your users can upload files via your website or a dedicated application, block malicious content by using ThreatCloud API at any stage of your application.

Use Case

Whether your users upload URLs, Domains, or IPs via your website or a dedicated application, block malicious content by using ThreatCloud API at any stage of your application.

Vulnerability Management

Developers want to move fast and deploy new features. In order to do so, they often leverage existing 3rd party libraries, binaries, and modules. Given that these are mainly open source, any known vulnerabilities become your vulnerabilities.

DevSec needs to make sure that whatever version is being run has up-to-date patches for these vulnerabilities. For this reason, all applications, especially those using 3rd party sources, should be scanned automatically in order to continuously detect vulnerable libraries, binaries and modules, and remediate the risk.

SourceGuard’s CLI cross-platform tool is designed to secure:

  1. Register, activate & login at: Check Point Infinity Portal
  2. From the available services menu, choose “SourceGuard” and hit “Try Now”


SourceGuard does not upload the source code of the scanned files to the cloud. The scanning is done locally. The final report and findings are sent to the cloud. Sensitive findings are also partially hashed for privacy reasons.

Check Point SourceGuard is subject to the above guidelines and to Check Point’s EULA and Privacy Policy.

Use Case

Integrate SourceGuard into your CI/CD pipeline so vulnerable code will never make it into the container registry or your K8s cluster in production.

Use Case

Integrate SourceGuard into your CI/CD pipeline so vulnerable code will never make it into production



Security no longer needs to be slow. Integrate Check Point’s state of the art technologies to your CI/CD pipeline using our RESTful APIs.

Automation with Ansible, Terraform & Cloud Templates

Automate repeatable environments deployment and configuration using DevSecOps toolset to accelerate your security posture and eliminate manual errors.

Ansible Module

Use the Check Point Ansible security module to configure and automate common infrastructure security tasks

Supported on:

R80 Management
CloudGuard IaaS Gateway

Terraform Module

Use the Check Point Terraform module to orchestrate your infrastructure and configure your security network and endpoint products

Supported on:

CloudGuard Dome9
R80 Management
CloudGuard IaaS Gateway

Cloud Deployment Templates

Use Check Point’s pre-defined deployment templates such as CloudFormation (CFT), Azure Resource Manager (ARM) & Cloud Deployment Manager (CDM) to instantly deploy your cloud infrastructure integrated with Check Point’s products

Supported on:

R80 Management
CloudGuard IaaS Gateway

Use Case

Use Ansible, Terraform, or native Cloud Templates to deploy simple and complex infrastructures. In this example, an online gaming company deploys its services across AWS and Azure.

By using Check Point’s integration wrappers, automation and orchestration become a straightforward task for DevOps and IT.

In our use case example, an online company deploys its services across different cloud providers (e.g. AWS and Azure) to achieve a “best of breed” approach.

To deploy and orchestrate such a complex infrastructure, automation becomes a must-have. Check Point provides the following integration wrappers to its products:

Function as a Service

The CloudGuard serverless security solution continuously scans your serverless infrastructure, code, and runtime environment. Utilizing machine-based analysis and deep learning algorithms, CloudGuard builds a model of normal application and function behavior to detect and stop application layer attacks.

Use Case

Integrate CloudGuard into your CI/CD pipeline to analyze workloads. One severe risk is developers creating functions with overly permissive permissions.




Streamline your day-to-day security processes with Check Point RESTful APIs, Ansible and Terraform modules, and a variety of programming languages SDKs.

SIEM/SOAR Integrations

Streamline your security processes into external SIEM and System Management by using Check Point’s extensive RESTful APIs and its Python, Go and C# Development Kits

Automate your security operations

Check Point enables you to automate all management functionalities via its rich and intuitive APIs for cloud, on-premises and EndPoint environments


Automate your security deployments and configurations on-premises, across branch locations, in private and public clouds


Ensure that your public cloud infrastructure conforms to regulatory compliance requirements and security best practices at all times


Automate remediation, containment, and mitigation solutions that accelerate the resolution of dangerous misconfigurations

Use Case

Upgrade your GWs or automate real-time queries and configurations using Check Point’s flexible APIs and development kits for easy integration

Auto-Remediation with CloudBots

Powered by Check Point CloudGuard, CloudBots provide intelligent auto-remediation, deployed directly in your cloud environment, ensuring ultimate protection

Auto-remediate compliance issues, such as an unencrypted S3 bucket during runtime. CloudGuard identifies compliance violations and triggers CloudBot to automatically remediate them. Use Check Point’s rich pre-defined remediation functions or write your own remediation procedure

Use Case

Encrypt S3 bucket

Use Case

Shutdown an infected VM

Use Case

Close unnecessary Firewall ports

Cyber Security Community of Check Point users, experts, and R&D
Cumulative API Reference page