Greetings to the readers of the TS Solution blog! In the last month of the outgoing year we continue to bring you news from the world of Check Point. Today we will talk about a new unified portal, CheckMates Toolbox, which contains numerous automation tools for administrators' daily work. The content is verified by the vendor itself, which indicates long-term support for this project.
The essentials in brief
The portal is part of CheckMates, a project well known to many. If you work with Check Point equipment and are not yet registered there, we strongly recommend visiting it more often, since it contains a large number of solutions.
By the way, an online meeting of the Russian community is scheduled for December 24, 2020, where you can chat with colleagues and participate in competitions from Check Point.
Let's get back to the CheckMates Toolbox project. Its goal is to give end users a single place to share tools and solutions for working with Check Point equipment. At the time of this article's publication it has the following sections:
In addition to the breakdown above, there is a filter option, “Verified by Check Point”, which confirms that the solution has been verified by the vendor. Let's move from general remarks to the categories themselves and look at the proposed tools using practical examples.
This section contains templates for viewing events. As a reminder, the SmartEvent blade, installed on your Management Server or on a dedicated server, requires a separate license; it correlates logs and then generates reports, much like SIEM systems do.
SmartEvent architecture for the curious
Correlation Unit (CU) – Reads records from the current server log file in real time and analyzes them using the Correlation Policy, generating security events that are sent to the Event Server.
Analyzer Server – Uploads the Event Policy to the Correlation Unit, stores the security events received from the Correlation Unit in its database, and interacts with the Security Management Server to block the threat source on Check Point Security Gateways. It loads the necessary objects from the Security Management Server and provides data for generating Reporting Server reports.
Analyzer Client – Provides the interface for interacting with and managing the Event Server, and displays the information collected on the Event Server in various views.
It shows the number of unknown applications in your infrastructure, that is, those not detected by Application Control engine signatures. You can also see which ports they use, which gives more detail about applications that are not recognized out of the box and need further investigation.
This section contains the world's best information security practices, which you can apply on Check Point thanks to the Compliance blade (requires a corresponding active license).
The portal contains a large number of standards; you can load them onto your Management Server via: Manage & Settings → Blades → Compliance → Settings
This section will interest those who want to automate routine processes but are not ready to spend a lot of time writing their own bash scripts. The CheckMates community has long offered various software solutions for Check Point infrastructure administrators, but the new portal puts everything in one place.
In this article we will cover several interesting projects; you can always explore the others on your own.
1) Installation requires running the following command:
curl_cli https://raw.githubusercontent.com/0x7c2/cpme/main/cpme-install.sh -k | bash
2) Run the utility itself:
3) In the menu you can choose:
4) Go through the sections – Gaia Operating System (1)
You can easily check the availability of Check Point services (3), etc.
5) A large number of checks of the system itself are available – Health Analysis (2):
6) Troubleshooting Options (7) will also be helpful:
7) Separately, we note the ability to generate an HTML report (10), which you can then view:
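The command in step 1 pipes a remote script straight into bash with certificate validation disabled (-k), so the gateway runs whatever arrives. The following is an added example, not part of the article or of the cpme project: it downloads the installer to a file, compares it against a SHA-256 digest you recorded after reviewing the script, and only then runs it. The CURL_BIN variable and the function names are illustrative, and the example assumes curl_cli can validate the host's certificate with its CA bundle.

```shell
#!/usr/bin/env bash
# Added example: fetch to a file, pin by SHA-256, then run. Not part of cpme.

# Installer URL exactly as given in step 1 of the article.
INSTALLER_URL="https://raw.githubusercontent.com/0x7c2/cpme/main/cpme-install.sh"

# Print the SHA-256 of a file as 64 lowercase hex characters.
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# Return 0 only if the file is non-empty and matches the pinned digest.
# Return 2 for a malformed pin (including an unfilled placeholder),
# 3 for a missing or empty file, 1 for a digest mismatch.
verify_pinned() {
    local file="$1" expected actual
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    case "$expected" in
        *[!0-9a-f]*|'') return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 2
    [ -s "$file" ] || return 3
    actual=$(sha256_of "$file")
    [ "$actual" = "$expected" ]
}

# Download with certificate validation left on (no -k), verify, then execute.
# CURL_BIN is an assumption: curl_cli on Gaia, plain curl elsewhere.
install_pinned() {
    local pin="$1" curl_bin="${CURL_BIN:-curl_cli}" tmp rc
    tmp=$(mktemp) || return 1
    if "$curl_bin" --fail --silent --show-error --location \
            -o "$tmp" "$INSTALLER_URL" && verify_pinned "$tmp" "$pin"; then
        bash "$tmp"; rc=$?
    else
        echo "refusing to run installer: download failed or digest mismatch" >&2
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage on the gateway, after reviewing the script once and recording its digest:
#   install_pinned "<SHA-256 you recorded after review>"
```

Because the digest is recorded from a copy you have read, a later change to the file on the remote side makes install_pinned refuse to run it until you review the new version.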
Remote Access VPN Statistics – OneLiner
A bash script that is extremely relevant these days: it displays statistics on remote users (number of employees, license consumption, etc.).
It can also be executed as a Task (dispatched from SmartConsole).
Show AntiSpoofing Networks via CLI
A bash script that collects Anti-Spoofing statistics from the active interfaces of your Security Gateway. For those who have forgotten or are unfamiliar with the technology: it prevents spoofing of source or destination addresses, because the Check Point gateway has information about the type of traffic (internal, external, etc.).
The script output lists the networks covered by Anti-Spoofing, which saves considerable time when troubleshooting traffic routing (unexplained drops).
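To make the Anti-Spoofing decision concrete when reading such a network list, here is an added example (not the script from the portal and not Check Point's implementation) that applies a simplified model: an internal interface accepts only sources from its own networks, and an external interface drops sources that belong to any internal network. The interface names, networks and function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: simplified anti-spoofing decision over a constructed topology.

# Constructed topology, one "interface type network/prefix" entry per line.
TOPOLOGY='eth0 external 0.0.0.0/0
eth1 internal 10.1.0.0/16
eth1 internal 192.168.50.0/24
eth2 internal 172.16.8.0/22'

# Convert a dotted-quad IPv4 address to an integer.
ip_to_int() {
    local IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Return 0 if address $1 lies inside CIDR network $2.
in_cidr() {
    local net="${2%/*}" bits="${2#*/}" mask
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# Echo "accept" or "drop" for a packet with source $2 arriving on interface $1.
spoof_check() {
    local ifc="$1" src="$2" name type net kind="" own=no internal=no
    while read -r name type net; do
        if [ "$name" = "$ifc" ]; then kind="$type"; fi
        if [ "$type" = internal ] && in_cidr "$src" "$net"; then
            internal=yes                      # source belongs to some internal network
            if [ "$name" = "$ifc" ]; then own=yes; fi   # ...and to this interface
        fi
    done <<EOF
$TOPOLOGY
EOF
    case "$kind" in
        internal) if [ "$own" = yes ]; then echo accept; else echo drop; fi ;;
        external) if [ "$internal" = yes ]; then echo drop; else echo accept; fi ;;
        *) echo unknown-interface; return 2 ;;
    esac
}
```

A source from 172.16.9.1 arriving on eth1 is dropped in this model because that network sits behind eth2, which is the kind of unexplained drop the network list helps to trace.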
This section contains templates for Extensions. They let you quickly obtain various system information from your Security Gateway or Management Server right in SmartConsole.
To activate the option, go to: Manage & Settings → Preferences → SmartConsole Extensions
There you load the corresponding URL: https://dannyjung.de/ds.json
It is used here as an example:
As a result, you will see how cores are distributed under the CoreXL technology. For more information on how it works, please follow the link.
This section is for automating the deployment of Check Point products to cloud providers. At the time of this article's publication it had just appeared and contained only one solution.
The proposed bash script lets you deploy CloudGuard in the Google cloud in semi-automatic mode.
Instead of a conclusion
Today we got acquainted with a new portal that conveniently organizes useful community tools, with content reviewed by Check Point. If you need additional materials on the vendor's products, you can refer to the article with learning resources. We will continue to bring you news from the world of Check Point and other products. Stay with us, see you soon!