Developer & DevSecOps
Explore popular DevSecOps use cases and learn how to seamlessly automate security through the entire application lifecycle.
DevSecOps and Automation Use Cases
Simplifies the use of the Check Point Management APIs. The kit contains the API library files, and sample files demonstrating the capabilities of the library. The kit is compatible with python 2 and 3.
The repository contains: Solution/CloudFormation templates Tools and scripts that can be used with CloudGuard for Public Cloud solutions Deprecated Solution/CloudFormation templates Community-supported content
As malicious threats evolve, the necessity in automated procedures to analyze evasion is rising. Here we provide a collection of all the known techniques to detect virtualized environments used by threats grouped by categories.
This Ansible collection provides control over a Check Point Management server using Check Point's web-services APIs.
You can now take control of new Threat Prevention APIs powered by the largest Threat Cloud in the industry. All APIs are RESTful, simple to use and can be integrated as part of a SOAR application, home-made application and more!
Check Point ExportImportPolicyPackage tool enables you to export a policy package from a Management database to a .tar.gz file, which can then be imported into any other Management database. The tool is supported for version R80.10 and above.
Check Point SmartMove tool enables you to convert 3rd party database with firewall security policy and NAT to Check Point database.
"Scout" is an extendable basic debugger that was designed for use in those cases that there is no built-in debugger / gdb-stub in the debugee process / firmware. The debugger is intended to be used by security researchers in various scenarios
Check Point Nano-Agents are an integral part of Generation VI security solutions platform. The following repository contains Check Point Nano-Services and attachments, the building blocks of Nano-Agents. It is an open source created to allow the community to view and add additional agents which will provide Check Point security to additional environments.
Check Point API Go Development Kit simplifies the use of the Check Point Management APIs. The kit contains the API library files, and sample files demonstrating the capabilities of the library.
This repository hosts Check Points Helm Charts for deploying applications to Kubernetes.
The project is an extension to Cuckoo Sandbox open source project; it adds support to AWS cloud functionalities and enables running emulations on auto-scaling infrastructure.
InviZzzible is a tool for assessment of your virtual environments in an easy and reliable way. It contains the most recent and up to date detection and evasion techniques as well as fixes for them. Also, you can add and expand existing techniques yourself even without modifying the source code.
Check Point PolicyCleanUp tool allows automatic cleanup of your policy based on hits count. The tool runs on a policy and a domain that you named.
The Show Package Tool allows the Security Policy as well as objects in the objects database to be exported into a readable format. This exported information represents a snapshot of the database.
"Karta" (Russian for "Map") is an IDA Python plugin that identifies and matches open-sourced libraries in a given binary. The plugin uses a unique technique that enables it to support huge binaries (>200,000 functions), with almost no impact on the overall performance.
With a massive growth in new malware and infections, macOS security awareness is now more important than ever. Yet many people believe that if they are using macOS they are safe and should not be concerned about getting infected. Even though malware for macOS is years behind Windows malware in the sense of sophistication, complexity and number of infections, macOS malware is becoming more sophisticated as time goes by. Furthermore, it uses more ways to infect, evade and abuse the macOS architecture to deliver malware, for example - using applications signed with legitimate Apple developer certificates to avoid detection.
This page documents Python scripts that could be used to update dynamic objects over multiple remote access methods.
QOP is our approach in implementing common pwning primitives using nothing but SQL queries. We want to share with the community in the hope of encouraging researchers to pursue the endless possibilities of database engines exploitation.
Check Point ExportObjects tool enables you to export specific types of objects from a R80.10 Management database to a .csv file, which can then be imported into any other R80.10 Management database. This tool can be used for backups, database transfers, testing, and more.
Check Point LocalToGlobal tool enables you to copy objects from a local domain to the global domain.
Labeless is a plugin system for dynamic, seamless and realtime synchronization between IDA Database and debug backend. It consists of two parts: IDA plugin and debug backend's plugin.
Check Point brings an advanced and real-time threat analysis and reporting tool for Splunk. The Check Point App for Splunk allows you to respond to security risks immediately and gain true insights about your network. You can collect and analyze millions of logs from all Check Point technologies and platforms across networks, Cloud, Endpoints and Mobile. This app uses the Check Point Log Exporter to seamlessly send logs from your Check Point log servers to your Splunk server
Software Defined Networks (SDN) is a paradigm for centrally controlling the behavior of network switches with a standard protocol (e.g., OpenFlow). The logic for forwarding the traffic in the network is centralized in a single software component called the controller.
This repository contains the source code for the cpmonitor - dump analyzing tool.
This tool consists of several parts including patched version of Android Runtime (libart.so), dalvikvm tool, GLib, QEMU and AFL. The assembly of these tools eventually allows to fuzz a user custom lib wrapped in a DEX file on an actual Android device or an ARM device emulator.
Check Point API Java Development Kit simplifies the usage of the Check Point R80.10 Management APIs. The kit contains the API library project, and a sample project demonstrating the capabilities of the library.
Check Point API C# Development Kit simplifies the usage of the Check Point R80.10 Management APIs. The kit contains the API library project, and sample projects demonstrating the capabilities of the library.
The tool is a patched version of AOSP with some additional scripts. The scripts executes the emulator and installs the APK. Following execution, it dumps the unpacked version of the DEX using different hooks. The result is two files, one of them should be the real dumped version of the DEX file, depending on how the targeted packer works.
Common exploits. Browser plug-ins have always been an attractive target for attackers to exploit. In the last couple of years, the most prevalent attack platform was undoubtedly Flash. With 250+ CVEs in 2016 alone, and incorporation in practically every exploit kit, Flash exploits are everywhere and deserve our attention.
Welcome to Check Point API Reference
Check Point offers a variety of APIs, click to open the one that fits your automation needs.
For open source tools and samples, visit our Github account.
Allow developers to shift-left and build more secure applications. Safeguard your applications by embedding security controls into the logic of your applications, eliminate the threats associated with exposing users to content that comes from sources you cannot trust or control Integrate Check Point ThreatCloud APIs to validate security, exposing malicious URLs, files, domains, IOCs, etc. with the strongest levels for threat intelligence.
Protect your users from malicious content
Leverage the world’s leading threat intelligence, zero-day malware analysis and prevention engines to secure your business applications and websites by using simple RESTful APIs.
Reputation for URLs, Domains, IPs, File digests
Scan files for rapid in-depth sandbox malware analysis and verdict
Sanitize and neutralize malicious elements from documents
Whether your users can upload files via your website or a dedicated application, block malicious content by using ThreatCloud API at any stage of your application.
Whether your users upload URLs, Domains, or IPs via your website or a dedicated application, block malicious content by using ThreatCloud API at any stage of your application.
Developers want to move fast and deploy new features. In order to do so, they often leverage existing 3rd party libraries, binaries, and modules. Given that these are mainly open source, any known vulnerabilities become your vulnerabilities.
DevSec needs to make sure that whatever version is being run, has up-to-date patches for these vulnerabilities. For this reason, all applications, especially those using 3rd party sources, should be scanned automatically in order to continuously detect vulnerable libraries, binaries, modules – remediating risk.
SourceGuard’s CLI cross-platform tool is designed to secure:
SourceGuard does not upload the source code of the scanned files to the cloud. The scanning is done locally. The final report and findings are sent to the cloud. Sensitive findings are also partially hashed for privacy reasons.
Integrate SourceGuard into your CI/CD pipeline so vulnerable code will never make it into the container registry or your K8s cluster in production.
Integrate SourceGuard into your CI/CD pipeline so vulnerable code will never make it into production
Security no longer needs to be slow. Integrate Check Point’s state of the art technologies to your CI/CD pipeline using our RESTful APIs. (Something about deploying in the cloud or injecting security auditing into agile development.)
Automation with Ansible, Terraform & Cloud Templates
Automate repeatable environments deployment and configuration using DevSecOps toolset to accelerate your security posture and eliminate manual errors.
Use the Check Point Ansible security module to configure and automate common infrastructure security tasks
Use the Check Point Terrafom module to orchestrate you infrastructure and configure your security network and endpoint products
Use Check Point’s pre-defined deployment templates such as CloudFormation (CFT), Azure Resource Manager (ARM) & Cloud Deployment Manager (CDM) to instantly deploy your cloud infrastructure integrated with Check Point’s products
Use Ansible, Terraform, or native Cloud Templates to deploy simple and complex infrastructures. In this example an online gaming company deploying its services across AWS and Azure.
By using Check Point’s integration wrappers, Automation and Orchestration becomes a straight forward task for DevOps and IT.
In our use case example, an online company deploys its services across different cloud provides (e.g. AWS and Azure) to achieve “best of breed” approach.
To deploy and orchestrate such a complex infrastructure Automation becomes a must have. Check Point provides the following integration wrappers to its products:
Function as a Service
The CloudGuard serverless security solution continuously scans your serverless infrastructure, code, and runtime environment. Utilizing machine-based analysis and deep learning algorithms, CloudGuard builds a model of normal application and function behavior to detect and stop application layer attacks.
Integrate CloudGuard into your CI/CD pipeline to analyze workloads. One severe risk is developers creating functions with overly permissive permissions.
IMAGE COMING SOON
Streamline your day-to-day security processes with Check Point RESTful APIs, Ansible and Terraform modules, and a variety of programming languages SDKs.
Streamline your security processes into external SIEM and System Management by using Check Point’s extensive RESTFul APIs, Python, GO, C# Development Kits
Automate your security operations
Check Point enables you to automate all management functionalities via its rich and intuitive APIs for cloud, on-premises and EndPoint environments
Automate your security deployments and configurations on-premises, across branch locations, in private and public clouds
Ensure that your public cloud infrastructure conforms to regulatory compliance requirements and security best practices at all times
Automate remediation, containment, and mitigation solutions that accelerate the resolution of dangerous misconfigurations
Upgrade your GWs or automate real-time queries and configurations using Check Point’s flexible APIs and development kits for easy integration
Auto-Remediation with CloudBots
Powered by Check Point CloudGuard, CloudBots provide intelligent auto-remediation, deployed directly in your cloud environment, ensuring ultimate protection
Auto-remediate compliance issues, such as an unencrypted S3 bucket during runtime. CloudGuard identifies compliance violations and triggers CloudBot to automatically remediate them. Use Check Point’s rich pre-defined remediation functions or write your own remediation procedure
Encrypt S3 bucket
Shutdown an infected VM
Close unnecessary Firewall ports