
Check Point Harmony Email and Collaboration (HEC)

This Integration is part of the Check Point Harmony Email and Collaboration (HEC) Pack.

Supported versions

Supported Cortex XSOAR versions: 6.9.0 and later.

The Best Way to Protect Enterprise Email & Collaboration from phishing, malware, account takeover, data loss, etc. This integration was integrated and tested with version 1.1.4 of CheckPointHEC.

Configure Check Point Harmony Email and Collaboration (HEC) in Cortex

| Parameter | Description | Required |
| --- | --- | --- |
| Smart API URL or Check Point Infinity API URL | The URL of the Smart API or Check Point Infinity API. | True |
| Fetch incidents | Enable fetching incidents from the selected SaaS application. | False |
| Incident type | Fetch incidents of the selected types. | False |
| Client ID | The client ID of the Smart API or Check Point Infinity API. | True |
| Client Secret | The client secret of the Smart API or Check Point Infinity API. | True |
| First fetch time | The time range for the first fetch. The default is 1 hour. | False |
| SaaS Application | Get incidents from the selected SaaS | False |
| State | Get incidents with only the selected states | False |
| Severity | Get incidents with only the selected severities | False |
| Threat Type | Get incidents with only the selected types | False |
| Maximum number of incidents per fetch | The maximum number of incidents to fetch per fetch. The default is 10. | False |
| Collect restore requests | Collect restore requests as incidents. | False |
| Trust any certificate (not secure) | Trust server certificate. | False |
| Use system proxy settings | Use system proxy settings. | False |
| Incidents Fetch Interval | The interval in minutes to fetch incidents. The default is 1 minute. | False |

Commands

You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

checkpointhec-get-entity

Retrieve specific entity.

Base Command

checkpointhec-get-entity

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| entity | Entity id to retrieve. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CheckPointHEC.Entity.internetMessageId | String | Email message id in internet. |
| CheckPointHEC.Entity.received | String | Datetime email was received in iso 8601 format. |
| CheckPointHEC.Entity.size | String | Email size. |
| CheckPointHEC.Entity.emailLinks | unknown | Links in email. |
| CheckPointHEC.Entity.attachmentCount | Number | Number of attachments in email. |
| CheckPointHEC.Entity.attachments | unknown | File attachments in email. |
| CheckPointHEC.Entity.mode | String | Internal policy rule. |
| CheckPointHEC.Entity.recipients | unknown | Recipient email addresses. |
| CheckPointHEC.Entity.subject | String | Email subject. |
| CheckPointHEC.Entity.fromEmail | String | Email sender. |
| CheckPointHEC.Entity.fromDomain | String | Domain where the email was sent from. |
| CheckPointHEC.Entity.fromUser | unknown | Sender user details. |
| CheckPointHEC.Entity.fromName | String | Sender name. |
| CheckPointHEC.Entity.to | unknown | Email main recipients. |
| CheckPointHEC.Entity.toUser | unknown | User details for main recipients. |
| CheckPointHEC.Entity.cc | unknown | Email carbon copy recipients. |
| CheckPointHEC.Entity.ccUser | unknown | User details for carbon copy recipients. |
| CheckPointHEC.Entity.bcc | unknown | Email blind carbon copy recipients. |
| CheckPointHEC.Entity.bccUser | unknown | User details for blind carbon copy recipients. |
| CheckPointHEC.Entity.replyToEmail | String | Email reply. |
| CheckPointHEC.Entity.replyToNickname | String | Email reply nickname. |
| CheckPointHEC.Entity.isRead | Boolean | Email has been read. |
| CheckPointHEC.Entity.isDeleted | Boolean | Email has been deleted. |
| CheckPointHEC.Entity.isIncoming | Boolean | Email is from external organization. |
| CheckPointHEC.Entity.isInternal | Boolean | Email is from same organization. |
| CheckPointHEC.Entity.isOutgoing | Boolean | Email is to an external organization. |
| CheckPointHEC.Entity.isQuarantined | Boolean | Email has been quarantined. |
| CheckPointHEC.Entity.isQuarantineNotification | Boolean | Email is a notification of another quarantined email. |
| CheckPointHEC.Entity.isRestored | Boolean | Email is restored from quarantine. |
| CheckPointHEC.Entity.isRestoreRequested | Boolean | Email is a request to restore. |
| CheckPointHEC.Entity.isRestoreDeclined | Boolean | Email is a declined restore request. |
| CheckPointHEC.Entity.saasSpamVerdict | String | Spam verdict. |
| CheckPointHEC.Entity.SpfResult | String | Sender Policy Framework check result. |
| CheckPointHEC.Entity.restoreRequestTime | String | Restore request datetime in iso 8601 format. |
| CheckPointHEC.Entity.isUserExposed | Boolean | Email reached user inbox. |

checkpointhec-get-email-info

Retrieve specific email entity

Base Command

checkpointhec-get-email-info

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| entity | Email entity id. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CheckPointHEC.Email.fromEmail | String | Email sender. |
| CheckPointHEC.Email.to | unknown | Email main recipients. |
| CheckPointHEC.Email.replyToEmail | String | Email reply. |
| CheckPointHEC.Email.replyToNickname | String | Email reply nickname. |
| CheckPointHEC.Email.recipients | unknown | Recipient email addresses. |
| CheckPointHEC.Email.subject | String | Email subject. |
| CheckPointHEC.Email.cc | unknown | Email carbon copy recipients. |
| CheckPointHEC.Email.bcc | unknown | Email blind carbon copy recipients. |
| CheckPointHEC.Email.isRead | Boolean | Email has been read. |
| CheckPointHEC.Email.received | String | Datetime email was received in iso 8601 format. |
| CheckPointHEC.Email.isDeleted | Boolean | Email has been deleted. |
| CheckPointHEC.Email.isIncoming | Boolean | Email is from external organization. |
| CheckPointHEC.Email.isOutgoing | Boolean | Email is to an external organization. |
| CheckPointHEC.Email.internetMessageId | String | Email message id in internet. |
| CheckPointHEC.Email.isUserExposed | Boolean | Email reached user inbox |

checkpointhec-get-scan-info

Retrieve specific email scan with positive threats

Base Command

checkpointhec-get-scan-info

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| entity | Scanned entity id. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CheckPointHEC.ScanResult.ap | unknown | Anti-phishing scan results |
| CheckPointHEC.ScanResult.dlp | unknown | Data Loss Prevention scan results |
| CheckPointHEC.ScanResult.clicktimeProtection | unknown | Click Time Protection scan results |
| CheckPointHEC.ScanResult.shadowIt | unknown | Shadow IT scan results |
| CheckPointHEC.ScanResult.av | unknown | Antivirus scan results |

checkpointhec-search-emails

Search for emails.

Base Command

checkpointhec-search-emails

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| date_last | Emails not older than (1 day, 2 weeks, etc.). The arguments date_last and date_from with date_to are mutually exclusive and cannot be specified together in the same request. | Optional |
| date_from | Start date to get emails in ISO 8601 format. The arguments date_last and date_from with date_to are mutually exclusive and cannot be specified together in the same request. | Optional |
| date_to | End date to get emails in ISO 8601 format. The arguments date_last and date_from with date_to are mutually exclusive and cannot be specified together in the same request. | Optional |
| saas | SaaS application to retrieve emails from. Possible values are: Microsoft Exchange, Gmail. | Optional |
| direction | Email precedence. Possible values are: Internal, Incoming, Outgoing. | Optional |
| subject_contains | Emails with subject containing the given value. The arguments subject_contains and subject_match are mutually exclusive and cannot be specified together in the same request. | Optional |
| subject_match | Emails with subject matching the given value. The arguments subject_contains and subject_match are mutually exclusive and cannot be specified together in the same request. | Optional |
| sender_contains | Emails with sender email containing the given value. The arguments sender_contains and sender_match are mutually exclusive and cannot be specified together in the same request. | Optional |
| sender_match | Emails with sender email matching the given value. The arguments sender_contains and sender_match are mutually exclusive and cannot be specified together in the same request. | Optional |
| domain | Emails with sender domain matching the given value. | Optional |
| cp_detection | Detection by Check Point. Possible values are: Phishing, Suspected Phishing, Malware, Suspected Malware, Spam, Clean, DLP, Malicious URL Click, Malicious URL. | Optional |
| ms_detection | Detection by Microsoft. Possible values are: Malware, High Confidence Phishing, Phishing, High Confidence Spam, Spam, Bulk, Clean. | Optional |
| detection_op | Detection operator. Possible values are: OR, AND. | Optional |
| server_ip | Sender server ip. | Optional |
| recipients_contains | Emails with recipients containing the given value. The arguments recipients_contains and recipients_match are mutually exclusive and cannot be specified together in the same request. | Optional |
| recipients_match | Emails with recipients matching the given value. The arguments recipients_contains and recipients_match are mutually exclusive and cannot be specified together in the same request. | Optional |
| links | Emails with links in body matching the given value. | Optional |
| message_id | Get specific email by id. | Optional |
| cp_quarantined_state | Quarantine authored by Check Point. Possible values are: Quarantined (Any source), Not Quarantined, Quarantined by Check Point, Quarantined by CP Analyst, Quarantined by Admin. | Optional |
| ms_quarantined_state | Quarantine authored by Microsoft. Possible values are: Quarantined, Not Quarantined, Not Quarantined Delivered to Inbox, Not Quarantined Delivered to Junk. | Optional |
| quarantined_state_op | Quarantine state operator. Possible values are: OR, AND. | Optional |
| name_contains | Emails with sender name containing the given value. The arguments name_contains and name_match are mutually exclusive and cannot be specified together in the same request. | Optional |
| name_match | Emails with sender name matching the given value. The arguments name_contains and name_match are mutually exclusive and cannot be specified together in the same request. | Optional |
| client_ip | Sender client IP. | Optional |
| attachment_md5 | Attachment MD5 checksum. | Optional |
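The mutual-exclusion rules and fixed value lists in the checkpointhec-search-emails arguments are easy to violate when a playbook assembles the arguments dynamically. The following is an added example, not code from the integration: a pre-flight check whose function and constant names are hypothetical, and which assumes each enumerated argument carries a single value and that attachment_md5 is 32 hexadecimal characters.

```python
import re
from datetime import datetime

# Allowed values copied from the checkpointhec-search-emails argument table.
ALLOWED_VALUES = {
    "saas": {"Microsoft Exchange", "Gmail"},
    "direction": {"Internal", "Incoming", "Outgoing"},
    "cp_detection": {"Phishing", "Suspected Phishing", "Malware", "Suspected Malware",
                     "Spam", "Clean", "DLP", "Malicious URL Click", "Malicious URL"},
    "ms_detection": {"Malware", "High Confidence Phishing", "Phishing",
                     "High Confidence Spam", "Spam", "Bulk", "Clean"},
    "detection_op": {"OR", "AND"},
    "cp_quarantined_state": {"Quarantined (Any source)", "Not Quarantined",
                             "Quarantined by Check Point", "Quarantined by CP Analyst",
                             "Quarantined by Admin"},
    "ms_quarantined_state": {"Quarantined", "Not Quarantined",
                             "Not Quarantined Delivered to Inbox",
                             "Not Quarantined Delivered to Junk"},
    "quarantined_state_op": {"OR", "AND"},
}

# Remaining arguments from the same table (free-form values).
FREE_TEXT_ARGS = {
    "date_last", "date_from", "date_to", "subject_contains", "subject_match",
    "sender_contains", "sender_match", "domain", "server_ip",
    "recipients_contains", "recipients_match", "links", "message_id",
    "name_contains", "name_match", "client_ip", "attachment_md5",
}
KNOWN_ARGS = set(ALLOWED_VALUES) | FREE_TEXT_ARGS

# Pairs the table documents as mutually exclusive.
EXCLUSIVE_PAIRS = [
    ("subject_contains", "subject_match"),
    ("sender_contains", "sender_match"),
    ("recipients_contains", "recipients_match"),
    ("name_contains", "name_match"),
]

MD5_RE = re.compile(r"[0-9a-fA-F]{32}")  # assumption: hex-encoded MD5 digest


def _is_iso8601(value):
    """Accept ISO 8601 timestamps, including a trailing 'Z' for UTC."""
    try:
        datetime.fromisoformat(value.strip().replace("Z", "+00:00"))
        return True
    except ValueError:
        return False


def validate_search_args(args):
    """Return a list of problems; an empty list means the arguments are consistent."""
    # Empty or missing values count as "not supplied".
    given = {k: v for k, v in args.items() if v not in (None, "")}
    errors = []

    for name in sorted(set(given) - KNOWN_ARGS):
        errors.append(f"unknown argument: {name}")

    # date_last is exclusive with the date_from/date_to range.
    if "date_last" in given and ("date_from" in given or "date_to" in given):
        errors.append("date_last cannot be combined with date_from/date_to")

    for a, b in EXCLUSIVE_PAIRS:
        if a in given and b in given:
            errors.append(f"{a} and {b} are mutually exclusive")

    for name, allowed in ALLOWED_VALUES.items():
        if name in given and given[name] not in allowed:
            errors.append(f"{name}: {given[name]!r} is not a documented value")

    for name in ("date_from", "date_to"):
        if name in given and not _is_iso8601(given[name]):
            errors.append(f"{name}: not an ISO 8601 timestamp")

    md5 = given.get("attachment_md5")
    if md5 is not None and not MD5_RE.fullmatch(md5):
        errors.append("attachment_md5: expected 32 hexadecimal characters")

    return errors


if __name__ == "__main__":
    # Constructed sample: mixes a relative window with an absolute start date.
    sample = {"date_last": "1 day", "date_from": "2024-05-01T00:00:00Z"}
    for problem in validate_search_args(sample):
        print(problem)
```
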

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CheckPointHEC.Entity.internetMessageId | String | Email message id in internet. |
| CheckPointHEC.Entity.received | String | Datetime email was received in iso 8601 format. |
| CheckPointHEC.Entity.size | String | Email size. |
| CheckPointHEC.Entity.emailLinks | unknown | Links in email. |
| CheckPointHEC.Entity.attachmentCount | Number | Number of attachments in email. |
| CheckPointHEC.Entity.attachments | unknown | File attachments in email. |
| CheckPointHEC.Entity.mode | String | Internal policy rule. |
| CheckPointHEC.Entity.recipients | unknown | Recipient email addresses. |
| CheckPointHEC.Entity.subject | String | Email subject. |
| CheckPointHEC.Entity.fromEmail | String | Email sender. |
| CheckPointHEC.Entity.fromDomain | String | Domain where the email was sent from. |
| CheckPointHEC.Entity.fromUser | unknown | Sender user details. |
| CheckPointHEC.Entity.fromName | String | Sender name. |
| CheckPointHEC.Entity.to | unknown | Email main recipients. |
| CheckPointHEC.Entity.toUser | unknown | User details for main recipients. |
| CheckPointHEC.Entity.cc | unknown | Email carbon copy recipients. |
| CheckPointHEC.Entity.ccUser | unknown | User details for carbon copy recipients. |
| CheckPointHEC.Entity.bcc | unknown | Email blind carbon copy recipients. |
| CheckPointHEC.Entity.bccUser | unknown | User details for blind carbon copy recipients. |
| CheckPointHEC.Entity.replyToEmail | String | Email reply. |
| CheckPointHEC.Entity.replyToNickname | String | Email reply nickname. |
| CheckPointHEC.Entity.isRead | Boolean | Email has been read. |
| CheckPointHEC.Entity.isDeleted | Boolean | Email has been deleted. |
| CheckPointHEC.Entity.isIncoming | Boolean | Email is from external organization. |
| CheckPointHEC.Entity.isInternal | Boolean | Email is from same organization. |
| CheckPointHEC.Entity.isOutgoing | Boolean | Email is to an external organization. |
| CheckPointHEC.Entity.isQuarantined | Boolean | Email has been quarantined. |
| CheckPointHEC.Entity.isQuarantineNotification | Boolean | Email is a notification of another quarantined email. |
| CheckPointHEC.Entity.isRestored | Boolean | Email is restored from quarantine. |
| CheckPointHEC.Entity.isRestoreRequested | Boolean | Email is a request to restore. |
| CheckPointHEC.Entity.isRestoreDeclined | Boolean | Email is a declined restore request. |
| CheckPointHEC.Entity.saasSpamVerdict | String | Spam verdict. |
| CheckPointHEC.Entity.SpfResult | String | Sender Policy Framework check result. |
| CheckPointHEC.Entity.restoreRequestTime | String | Restore request datetime in iso 8601 format. |
| CheckPointHEC.Entity.isUserExposed | Boolean | Email reached user inbox. |

checkpointhec-send-action

Action for one or more emails.

Base Command

checkpointhec-send-action

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| entity | One or multiple Email ids to apply action over. | Required |
| saas | SaaS application to apply action over. Possible values are: Microsoft Exchange, Gmail. | Required |
| action | Action to perform. Possible values are: quarantine, restore, decline_restore_request. | Required |
| restore_decline_reason | Reason to decline restore request. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CheckPointHEC.Task.task | String | Task id of the sent action. |

checkpointhec-get-action-result

Get task info related to a sent action

Base Command

checkpointhec-get-action-result

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| farm | Customer farm. | Required |
| customer | Customer portal name. | Required |
| task | Task id to retrieve. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CheckPointHEC.ActionResult.actions | unknown | Action information for each sent entity |
| CheckPointHEC.ActionResult.created | String | Date when action was created in iso 8601 format |
| CheckPointHEC.ActionResult.customer | String | Customer portal name |
| CheckPointHEC.ActionResult.failed | Number | Number of failed actions |
| CheckPointHEC.ActionResult.id | Number | Action task id |
| CheckPointHEC.ActionResult.name | String | Action name |
| CheckPointHEC.ActionResult.owner | String | Action owner |
| CheckPointHEC.ActionResult.progress | Number | Number of actions in progress |
| CheckPointHEC.ActionResult.sequential | Boolean | Actions are in sequence |
| CheckPointHEC.ActionResult.status | String | Action status |
| CheckPointHEC.ActionResult.succeed | Number | Number of succeed actions |
| CheckPointHEC.ActionResult.total | Number | Total of actions |
| CheckPointHEC.ActionResult.type | String | Action internal name |
| CheckPointHEC.ActionResult.updated | String | Date when action last updated in iso 8601 format |

checkpointhec-send-notification

Send notification about user exposition for the specific entity to the list of emails

Base Command

checkpointhec-send-notification

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| entity | Email entity id. | Required |
| emails | List of emails to send notification. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CheckPointHEC.Notification.ok | Boolean | Result of the operation. |

checkpointhec-get-events

Retrieve security events.

Base Command

checkpointhec-get-events

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| start_date | Start date in ISO 8601 format. | Required |
| end_date | End date in ISO 8601 format, now by default. | Optional |
| saas_apps | SaaS application to retrieve events from. Possible values are: Microsoft Exchange, Gmail. | Optional |
| states | Event states to be retrieved. Possible values are: New, Remediated, Detected, Exception, Dismissed. | Optional |
| severities | Severity levels to be retrieved. Possible values are: Critical, High, Medium, Low, Very Low. | Optional |
| threat_types | Threat types to be retrieved. Possible values are: DLP, Malware, Phishing, Anomaly, Suspicious Phishing, Suspicious Malware, Shadow IT, Alert, Spam, Malicious URL, Malicious URL Click. | Optional |
| limit | Number of events to be returned. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CheckPointHEC.Event.eventId | String | Security event id. |
| CheckPointHEC.Event.customerId | String | Customer portal name. |
| CheckPointHEC.Event.saas | String | SaaS internal name. |
| CheckPointHEC.Event.entityId | String | Email entity id related to the security event. |
| CheckPointHEC.Event.state | String | Security event state. |
| CheckPointHEC.Event.type | String | Security event threat type. |
| CheckPointHEC.Event.confidenceIndicator | String | Security event threat type. |
| CheckPointHEC.Event.eventCreated | String | Security event creation date. |
| CheckPointHEC.Event.severity | String | Security event severity 1 - 5. |
| CheckPointHEC.Event.description | String | Security event description. |
| CheckPointHEC.Event.data | String | Security event data information. |
| CheckPointHEC.Event.additionalData | String | Security event additional data information if available. |
| CheckPointHEC.Event.availableEventActions | unknown | Actions available for the security event. |
| CheckPointHEC.Event.actions | unknown | Performed actions related to the security event. |
| CheckPointHEC.Event.senderAddress | String | Sender of email related to the security event. |
| CheckPointHEC.Event.entityLink | String | Email link. |

checkpointhec-get-ctp-list

Get Click Time Protection list.

Base Command

checkpointhec-get-ctp-list

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| list_id | List id to retrieve. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CheckPointHEC.CTPList.listid | String | List id. |
| CheckPointHEC.CTPList.listname | String | List name. |
| CheckPointHEC.CTPList.listitem | String | List of items in the list. |

checkpointhec-delete-avurl-exceptions

Delete Avanan URL exceptions.

Base Command

checkpointhec-delete-avurl-exceptions

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| exc_type | Exception type. Possible values are: allow-url, allow-domain, block-url, block-domain. | Required |
| exc_str_list | List of exception strings to delete. | Required |
| entity_type | Entity type. | Optional |
| entity_id | Entity id. | Optional |

Context Output

There is no context output for this command.

checkpointhec-delete-avdlp-exception

Delete Avanan URL exception.

Base Command

checkpointhec-delete-avdlp-exception

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| exc_type | Exception type. Possible values are: hash, text_content, sender_email, recipient_email. | Required |
| exc_str | Exception string. | Required |
| entity_type | Entity type. | Optional |
| entity_id | Entity id. | Optional |

Context Output

There is no context output for this command.

checkpointhec-get-anomaly-exceptions

Get Anomaly exceptions.

Base Command

checkpointhec-get-anomaly-exceptions

Input

There are no input arguments for this command.

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CheckPointHEC.AnomalyException.id | String | Anomaly exception id. |
| CheckPointHEC.AnomalyException.anomaly_type | String | Anomaly type. |
| CheckPointHEC.AnomalyException.insert_time | String | Anomaly exception creation time. |
| CheckPointHEC.AnomalyException.update_time | String | Anomaly exception update time. |
| CheckPointHEC.AnomalyException.added_by | String | Anomaly exception creator. |
| CheckPointHEC.AnomalyException.event_id | String | Security event id. |
| CheckPointHEC.AnomalyException.customer_domain | String | Customer domain. |
| CheckPointHEC.AnomalyException.comments | String | Anomaly exception comment. |
| CheckPointHEC.AnomalyException.enabled | Boolean | Anomaly exception enabled. |
| CheckPointHEC.AnomalyException.exception_rule | String | Anomaly exception rule. |
| CheckPointHEC.AnomalyException.expiration_date | String | Anomaly exception expiration date. |

checkpointhec-update-cp2-exception

Update Anti-Malware exception.

Base Command

checkpointhec-update-cp2-exception

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| exc_type | Exception type. Possible values are: hash, macro_hash, file_type, ppat_sender_name. | Required |
| exc_str | Exception string. | Required |
| comment | Exception comment. | Optional |
| exc_payload_condition | Exception payload condition. Possible values are: with_or_without_link, with_link, without_link. | Optional |

Context Output

There is no context output for this command.

checkpointhec-create-avdlp-exception

Create Avanan DLP exception.

Base Command

checkpointhec-create-avdlp-exception

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| exc_type | Exception type. Possible values are: hash, text_content, sender_email, recipient_email. | Required |
| exc_str | Exception string. | Required |
| entity_type | Entity type. | Optional |
| entity_id | Entity id. | Optional |
| comment | Exception comment. | Optional |
| exc_payload_condition | Exception payload condition. Possible values are: with_or_without_link, with_link, without_link. | Optional |
| file_name | File name. | Optional |
| created_by_email | Exception creator email. | Optional |
| is_exclusive | Exclusive exception. Possible values are: yes, no. | Optional |

Context Output

There is no context output for this command.

checkpointhec-delete-ctp-list-items

Delete Click Time Protection list items.

Base Command

checkpointhec-delete-ctp-list-items

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| list_item_ids | List of item ids to delete. | Required |

Context Output

There is no context output for this command.

checkpointhec-update-avdlp-exception

Update Avanan URL exception.

Base Command

checkpointhec-update-avdlp-exception

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| exc_type | Exception type. Possible values are: hash, text_content, sender_email, recipient_email. | Required |
| exc_str | Exception string. | Required |
| comment | Exception comment. | Optional |
| exc_payload_condition | Exception payload condition. Possible values are: with_or_without_link, with_link, without_link. | Optional |

Context Output

There is no context output for this command.

checkpointhec-get-ap-exceptions

Get Anti-Phishing and Anti-Spam exceptions or exception.

Base Command

checkpointhec-get-ap-exceptions

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| exc_type | List name of exceptions to retrieve. Possible values are: whitelist, blacklist, spam_whitelist. | Required |
| exc_id | Exception id to retrieve. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CheckPointHEC.AntiPhishingException.added_by | Number | Exception added by user id. |
| CheckPointHEC.AntiPhishingException.affected_count | String | Affected count. |
| CheckPointHEC.AntiPhishingException.allowed_links | String | Allowed links. |
| CheckPointHEC.AntiPhishingException.attachment_md5 | String | Email attachment MD5. |
| CheckPointHEC.AntiPhishingException.auto_classify_as | String | Auto classify as. |
| CheckPointHEC.AntiPhishingException.comment | String | Exception description. |
| CheckPointHEC.AntiPhishingException.customer_domain | String | Customer name. |
| CheckPointHEC.AntiPhishingException.edited_by | String | Exception edited by. |
| CheckPointHEC.AntiPhishingException.email_link | String | Email link. |
| CheckPointHEC.AntiPhishingException.email_link_matching | String | Email link field condition. |
| CheckPointHEC.AntiPhishingException.entity_id | Number | Entity id. |
| CheckPointHEC.AntiPhishingException.exception_type | String | Exception type. |
| CheckPointHEC.AntiPhishingException.expiration_time | String | Exception expiration time. |
| CheckPointHEC.AntiPhishingException.from_domain | String | From domain. |
| CheckPointHEC.AntiPhishingException.from_domain_ends_with | String | From domain field ends with. |
| CheckPointHEC.AntiPhishingException.from_domain_matching | String | From domain field condition. |
| CheckPointHEC.AntiPhishingException.from_email | String | Email sender. |
| CheckPointHEC.AntiPhishingException.from_email_matching | String | From email field condition. |
| CheckPointHEC.AntiPhishingException.from_name_matching | String | From name field condition. |
| CheckPointHEC.AntiPhishingException.headers | String | Email headers. |
| CheckPointHEC.AntiPhishingException.ignoring_spf_check | Boolean | Ignore SPF check. |
| CheckPointHEC.AntiPhishingException.insert_time | String | Exception creation time. |
| CheckPointHEC.AntiPhishingException.max_confidence | String | Maximum confidence. |
| CheckPointHEC.AntiPhishingException.max_confidence_spam | String | Maximum confidence for spam. |
| CheckPointHEC.AntiPhishingException.message_headers | String | Message headers. |
| CheckPointHEC.AntiPhishingException.nickname | String | Sender name. |
| CheckPointHEC.AntiPhishingException.owner_email | String | Exception owner email. |
| CheckPointHEC.AntiPhishingException.override | Boolean | Override. |
| CheckPointHEC.AntiPhishingException.recipient | String | Email recipient. |
| CheckPointHEC.AntiPhishingException.recipient_matching | String | Recipient field condition. |
| CheckPointHEC.AntiPhishingException.sender_client_ip | String | Sender client IP. |
| CheckPointHEC.AntiPhishingException.sender_ip | String | Sender IP. |
| CheckPointHEC.AntiPhishingException.signature_key | String | Signature key. |
| CheckPointHEC.AntiPhishingException.subject | String | Email subject. |
| CheckPointHEC.AntiPhishingException.subject_matching | String | Subject field condition. |
| CheckPointHEC.AntiPhishingException.update_time | String | Exception update. |
| CheckPointHEC.AntiPhishingException.user_label | String | User label. |

checkpointhec-create-avurl-exception

Create Avanan URL exception.

Base Command

checkpointhec-create-avurl-exception

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| exc_type | Exception type. Possible values are: allow-url, allow-domain, block-url, block-domain. | Required |
| exc_str | Exception string. | Required |
| entity_type | Entity type. | Optional |
| entity_id | Entity id. | Optional |
| comment | Exception comment. | Optional |
| exc_payload_condition | Exception payload condition. Possible values are: with_or_without_link, with_link, without_link. | Optional |
| file_name | File name. | Optional |
| created_by_email | Exception creator email. | Optional |
| is_exclusive | Exclusive exception. Possible values are: yes, no. | Optional |

Context Output

There is no context output for this command.

checkpointhec-get-avdlp-exceptions

Get Avanan DLP exceptions.

Base Command

checkpointhec-get-avdlp-exceptions

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| exc_type | List name of exceptions to retrieve. Possible values are: hash, text_content, sender_email, recipient_email. | Required |
| filter_str | Search string. | Optional |
| filter_index | Search index. Possible values are: insert_time, entity_type_id, exception_str, file_name, created_by_email, comment. | Optional |
| sort_dir | Sort direction. Possible values are: asc, desc. | Optional |
| last_evaluated_key | Last evaluated key. | Optional |
| insert_time_gte | Insert time field condition. Possible values are: yes, no. | Optional |
| limit | Number of exceptions to retrieve. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CheckPointHEC.AvananDLPException.insert_time | String | Exception insert time. |
| CheckPointHEC.AvananDLPException.farm_customer_exception_type | String | Farm, customer and exception type info. |
| CheckPointHEC.AvananDLPException.exception_str | String | Exception string, for id purposes. |
| CheckPointHEC.AvananDLPException.created_by_email | String | Exception email creator. |
| CheckPointHEC.AvananDLPException.comment | String | Exception comment. |
| CheckPointHEC.AvananDLPException.exception_payload | String | Exception payload information. |
checkpointhec-delete-ctp-lists

Delete Click Time Protection lists.

Base Command

checkpointhec-delete-ctp-lists

Input

There are no input arguments for this command.

Context Output

There is no context output for this command.

checkpointhec-create-anomaly-exception

Create Anomaly exception.

Base Command

checkpointhec-create-anomaly-exception

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| request_json | Anomaly exception request json. | Required |
| added_by | User id exception creator. | Optional |

Context Output

There is no context output for this command.

checkpointhec-delete-cp2-exception

Delete Anti-Malware exception.

Base Command

checkpointhec-delete-cp2-exception

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| exc_type | Exception type. Possible values are: hash, macro_hash, file_type, ppat_sender_name. | Required |
| exc_str | Exception string. | Required |
| entity_type | Entity type. | Optional |
| entity_id | Entity id. | Optional |

Context Output

There is no context output for this command.

checkpointhec-delete-anomaly-exceptions

Delete Anomaly exceptions.

Base Command

checkpointhec-delete-anomaly-exceptions

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| rule_ids | Exceptions to delete. | Required |

Context Output

There is no context output for this command.

checkpointhec-report-mis-classification

Report email mis-classification.

Base Command

checkpointhec-report-mis-classification

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| entities | Email entity ids. | Required |
| classification | New classification. Possible values are: Clean Email, Spam, Phishing, Legit Marketing Email. | Required |
| confident | Confidence level. Possible values are: Not so sure, Medium Confidence, High Confidence. | Required |

Context Output

There is no context output for this command.

checkpointhec-get-avdlp-exception

Get Avanan DLP exception.

Base Command

checkpointhec-get-avdlp-exception

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| exc_type | List name of exceptions to retrieve. Possible values are: hash, text_content, sender_email, recipient_email. | Required |
| exc_str | Exception id to retrieve. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CheckPointHEC.AvananDLPException.insert_time | String | Exception insert time. |
| CheckPointHEC.AvananDLPException.farm_customer_exception_type | String | Farm, customer and exception type info. |
| CheckPointHEC.AvananDLPException.exception_str | String | Exception string, for id purposes. |
| CheckPointHEC.AvananDLPException.created_by_email | String | Exception email creator. |
| CheckPointHEC.AvananDLPException.comment | String | Exception comment. |
| CheckPointHEC.AvananDLPException.exception_payload | String | Exception payload information. |

checkpointhec-delete-ctp-list-item

Delete Click Time Protection list item.

Base Command

checkpointhec-delete-ctp-list-item

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| item_id | Item id to delete. | Required |

Context Output

There is no context output for this command.

checkpointhec-get-ctp-list-item

Get Click Time Protection list item.

Base Command

checkpointhec-get-ctp-list-item

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| item_id | Item id to retrieve. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CheckPointHEC.CTPListItem.created_at | String | List item creation time. |
| CheckPointHEC.CTPListItem.created_by | String | List item creator. |
| CheckPointHEC.CTPListItem.listid | String | List id. |
| CheckPointHEC.CTPListItem.listitemid | String | List item id. |
| CheckPointHEC.CTPListItem.listitemname | String | List item name. |
| CheckPointHEC.CTPListItem.listname | String | List name. |

checkpointhec-update-avurl-exception

Update Avanan URL exception.

Base Command

checkpointhec-update-avurl-exception

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| exc_type | Exception type. Possible values are: allow-url, allow-domain, block-url, block-domain. | Required |
| exc_str | Exception string. | Required |
| comment | Exception comment. | Optional |
| exc_payload_condition | Exception payload condition. Possible values are: with_or_without_link, with_link, without_link. | Optional |

Context Output

There is no context output for this command.

checkpointhec-create-ctp-list-item

Create Click Time Protection list item.

Base Command

checkpointhec-create-ctp-list-item

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| list_id | List id. | Required |
| list_item_name | List item name. | Required |
| created_by | List item creator. | Required |

Context Output

There is no context output for this command.

checkpointhec-delete-ap-exception

Delete Anti-Phishing and Anti-Spam exception.

Base Command

checkpointhec-delete-ap-exception

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| exc_type | Exception type. Possible values are: whitelist, blacklist, spam_whitelist. | Required |
| exc_id | Exception id. | Required |

Context Output

There is no context output for this command.

checkpointhec-delete-avurl-exception

Delete Avanan URL exception.

Base Command

checkpointhec-delete-avurl-exception

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| exc_type | Exception type. Possible values are: allow-url, allow-domain, block-url, block-domain. | Required |
| exc_str | Exception string. | Required |
| entity_type | Entity type. | Optional |
| entity_id | Entity id. | Optional |

Context Output

There is no context output for this command.

checkpointhec-get-cp2-exception

Get Anti-Malware exception.

Base Command

checkpointhec-get-cp2-exception

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| exc_type | List name of exceptions to retrieve. Possible values are: hash, macro_hash, file_type, ppat_sender_name. | Required |
| exc_str | Exception id to retrieve. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CheckPointHEC.AntiMalwareException.insert_time | String | Exception insert time. |
| CheckPointHEC.AntiMalwareException.farm_customer_exception_type | String | Farm, customer and exception type info. |
| CheckPointHEC.AntiMalwareException.exception_str | String | Exception string, for id purposes. |
| CheckPointHEC.AntiMalwareException.created_by_email | String | Exception email creator. |
| CheckPointHEC.AntiMalwareException.comment | String | Exception comment. |
| CheckPointHEC.AntiMalwareException.exception_payload | String | Exception payload information. |

checkpointhec-update-ap-exception

Update Anti-Phishing and Anti-Spam exception.

Base Command

checkpointhec-update-ap-exception

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| exc_type | Exception type. Possible values are: whitelist, blacklist, spam_whitelist. | Required |
| exc_id | Exception id. | Required |
| entity_id | Entity id. | Optional |
| attachment_md5 | Attachment MD5 checksum. | Optional |
| from_email | Email sender. | Optional |
| nickname | Sender name. | Optional |
| recipient | Email recipient. | Optional |
| sender_client_ip | Sender client IP. | Optional |
| from_domain_ends_with | From domain ends with. | Optional |
| sender_ip | Sender IP. | Optional |
| email_link | Email link or links separated by comma. | Optional |
| subject | Email subject. | Optional |
| comment | Exception comment. | Optional |
| action_needed | Action needed. | Optional |
| ignoring_spf_check | Ignoring SPF check. | Optional |
| subject_matching | Subject field condition. Possible values are: matching, contains, exact. | Optional |
| email_link_matching | Email link field condition. Possible values are: matching, contains, exact. | Optional |
| from_name_matching | From name field condition. Possible values are: matching, contains, exact. | Optional |
| from_domain_matching | From domain field condition. Possible values are: contains, ends_with, exact. | Optional |
| from_email_matching | From email field condition. Possible values are: matching, contains, exact. | Optional |
| recipient_matching | Recipient field condition. Possible values are: matching, contains, exact. | Optional |

Context Output

There is no context output for this command.

checkpointhec-create-cp2-exception

Create Anti-Malware exception.

Base Command

checkpointhec-create-cp2-exception

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| exc_type | Exception type. Possible values are: hash, macro_hash, file_type, ppat_sender_name. | Required |
| exc_str | Exception string. | Required |
| entity_type | Entity type. | Optional |
| entity_id | Entity id. | Optional |
| comment | Exception comment. | Optional |
| exc_payload_condition | Exception payload condition. Possible values are: with_or_without_link, with_link, without_link. | Optional |
| file_name | File name. | Optional |
| created_by_email | Exception creator email. | Optional |
| is_exclusive | Exclusive exception. Possible values are: yes, no. | Optional |

Context Output

There is no context output for this command.

checkpointhec-delete-cp2-exceptions

Delete Anti-Malware exceptions.

Base Command

checkpointhec-delete-cp2-exceptions

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| exc_type | Exception type. Possible values are: hash, macro_hash, file_type, ppat_sender_name. | Required |
| exc_str_list | List of exception strings to delete. | Required |
| entity_type | Entity type. | Optional |
| entity_id | Entity id. | Optional |

Context Output

There is no context output for this command.

checkpointhec-get-ctp-lists

Get Click Time Protection lists.

Base Command

checkpointhec-get-ctp-lists

Input

There are no input arguments for this command.

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CheckPointHEC.CTPList.listid | String | List id. |
| CheckPointHEC.CTPList.listname | String | List name. |
| CheckPointHEC.CTPList.listitem | unknown | List item in the list. |

checkpointhec-update-ctp-list-item

Update Click Time Protection list item.

Base Command

checkpointhec-update-ctp-list-item

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| item_id | Item id to update. | Required |
| list_id | List id. | Required |
| list_item_name | List item name. | Required |
| created_by | List item creator. | Required |

Context Output

There is no context output for this command.

checkpointhec-create-ap-exception

Create Anti-Phishing and Anti-Spam exception.

Base Command

checkpointhec-create-ap-exception

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| exc_type | Exception type. Possible values are: whitelist, blacklist, spam_whitelist. | Required |
| entity_id | Entity id. | Optional |
| attachment_md5 | Attachment MD5 checksum. | Optional |
| from_email | Email sender. | Optional |
| nickname | Sender name. | Optional |
| recipient | Email recipient. | Optional |
| sender_client_ip | Sender client IP. | Optional |
| from_domain_ends_with | From domain ends with. | Optional |
| sender_ip | Sender IP. | Optional |
| email_link | Email link or links separated by comma. | Optional |
| subject | Email subject. | Optional |
| comment | Exception comment. | Optional |
| action_needed | Action needed. | Optional |
| ignoring_spf_check | Ignoring SPF check. | Optional |
| subject_matching | Subject field condition. Possible values are: matching, contains, exact. | Optional |
| email_link_matching | Email link field condition. Possible values are: matching, contains, exact. | Optional |
| from_name_matching | From name field condition. Possible values are: matching, contains, exact. | Optional |
| from_domain_matching | From domain field condition. Possible values are: contains, ends_with, exact. | Optional |
| from_email_matching | From email field condition. Possible values are: matching, contains, exact. | Optional |
| recipient_matching | Recipient field condition. Possible values are: matching, contains, exact. | Optional |

Context Output

There is no context output for this command.

checkpointhec-get-avurl-exceptions

Get Avanan URL exceptions.

Base Command

checkpointhec-get-avurl-exceptions

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| exc_type | List name of exceptions to retrieve. Possible values are: allow-url, allow-domain, block-url, block-domain. | Required |
| filter_str | Search string. | Optional |
| filter_index | Search index. Possible values are: insert_time, entity_type_id, exception_str, file_name, created_by_email, comment. | Optional |
| sort_dir | Sort direction. Possible values are: asc, desc. | Optional |
| last_evaluated_key | Last evaluated key. | Optional |
| insert_time_gte | Insert time field condition. Possible values are: yes, no. | Optional |
| limit | Number of exceptions to retrieve. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CheckPointHEC.AvananURLException.insert_time | String | Exception insert time. |
| CheckPointHEC.AvananURLException.farm_customer_exception_type | String | Farm, customer and exception type info. |
| CheckPointHEC.AvananURLException.exception_str | String | Exception string, for id purposes. |
| CheckPointHEC.AvananURLException.created_by_email | String | Email of the exception creator. |
| CheckPointHEC.AvananURLException.comment | String | Exception comment. |
| CheckPointHEC.AvananURLException.exception_payload | String | Exception payload information. |

checkpointhec-get-ctp-list-items

Get Click Time Protection list items.

Base Command

checkpointhec-get-ctp-list-items

Input

There are no input arguments for this command.

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CheckPointHEC.CTPListItem.created_at | String | List item creation time. |
| CheckPointHEC.CTPListItem.created_by | String | List item creator. |
| CheckPointHEC.CTPListItem.listid | String | List id. |
| CheckPointHEC.CTPListItem.listitemid | String | List item id. |
| CheckPointHEC.CTPListItem.listitemname | String | List item name. |
| CheckPointHEC.CTPListItem.listname | String | List name. |

checkpointhec-get-cp2-exceptions

Get Anti-Malware exceptions.

Base Command

checkpointhec-get-cp2-exceptions

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| exc_type | List name of exceptions to retrieve. Possible values are: hash, macro_hash, file_type, ppat_sender_name. | Required |
| filter_str | Search string. | Optional |
| filter_index | Search index. Possible values are: insert_time, entity_type_id, exception_str, file_name, created_by_email, comment. | Optional |
| sort_dir | Sort direction. Possible values are: asc, desc. | Optional |
| last_evaluated_key | Last evaluated key. | Optional |
| insert_time_gte | Insert time field condition. Possible values are: yes, no. | Optional |
| limit | Number of exceptions to retrieve. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CheckPointHEC.AntiMalwareException.insert_time | String | Exception insert time. |
| CheckPointHEC.AntiMalwareException.farm_customer_exception_type | String | Farm, customer and exception type info. |
| CheckPointHEC.AntiMalwareException.exception_str | String | Exception string, for id purposes. |
| CheckPointHEC.AntiMalwareException.created_by_email | String | Email of the exception creator. |
| CheckPointHEC.AntiMalwareException.comment | String | Exception comment. |
| CheckPointHEC.AntiMalwareException.exception_payload | String | Exception payload information. |

checkpointhec-get-avurl-exception

Get Avanan URL exception.

Base Command

checkpointhec-get-avurl-exception

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| exc_type | List name of exceptions to retrieve. Possible values are: allow-url, allow-domain, block-url, block-domain. | Required |
| exc_str | Exception id to retrieve. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CheckPointHEC.AvananURLException.insert_time | String | Exception insert time. |
| CheckPointHEC.AvananURLException.farm_customer_exception_type | String | Farm, customer and exception type info. |
| CheckPointHEC.AvananURLException.exception_str | String | Exception string, for id purposes. |
| CheckPointHEC.AvananURLException.created_by_email | String | Email of the exception creator. |
| CheckPointHEC.AvananURLException.comment | String | Exception comment. |
| CheckPointHEC.AvananURLException.exception_payload | String | Exception payload information. |

checkpointhec-delete-avdlp-exceptions

Delete Avanan DLP exceptions.

Base Command

checkpointhec-delete-avdlp-exceptions

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| exc_type | Exception type. Possible values are: hash, text_content, sender_email, recipient_email. | Required |
| exc_str_list | List of exception strings to delete. | Required |
| entity_type | Entity type. | Optional |
| entity_id | Entity id. | Optional |

Context Output

There is no context output for this command.