Check Point Dome9 (CloudGuard)

This integration is part of the Check Point Dome9 (CloudGuard) Pack.

Supported versions

Supported Cortex XSOAR versions: 6.2.0 and later.

The Dome9 integration lets you easily manage the security and compliance of the public cloud. This integration was integrated and tested with version 2 of checkpointdome9.

Configure Check Point Dome9 (CloudGuard) in Cortex

| Parameter | Description | Required |
| --- | --- | --- |
| Server URL | | True |
| API key ID | | True |
| API key secret | | True |
| Use system proxy settings | | False |
| Trust any certificate (not secure) | | False |
| Maximum incidents for one fetch. | Maximum number of incidents per fetch. Default is 50. The maximum is 100. | False |
| Fetch incidents | | False |
| Alert region (AWS) to fetch as incidents. | | False |
| Alert severity to fetch as incidents. | | False |
| First fetch time | First alert created date to fetch, e.g., "1 min ago", "2 weeks ago", "3 months ago". | False |
| Incident type | | False |

Commands

You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

dome9-access-lease-list

Get a list of all active Access Leases.

Base Command

dome9-access-lease-list

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| page | Page number of paginated results. Minimum value: 1. | Optional |
| page_size | Number of items per page. | Optional |
| limit | The maximum number of records to retrieve. Default is 50. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CheckPointDome9.AccessLease.cloudAccountId | String | The AWS Access Leases cloud account ID. |
| CheckPointDome9.AccessLease.region | String | The AWS Access Leases region. |
| CheckPointDome9.AccessLease.securityGroupId | String | The AWS Access Leases security group ID. |
| CheckPointDome9.AccessLease.created | String | The AWS Access Leases created date. |
| CheckPointDome9.AccessLease.user | String | The AWS Access Leases user. |
| CheckPointDome9.AccessLease.length | String | The AWS Access Leases length. |
| CheckPointDome9.AccessLease.protocol | String | The AWS Access Leases protocol. |
| CheckPointDome9.AccessLease.id | String | The AWS Access Leases ID. |

Command example

!dome9-access-lease-list

Context Example

{
"CheckPointDome9": {
"AccessLease": [
{
"accountId": "accountId",
"cloudAccountId": "cloudAccountId",
"created": "created",
"id": "id",
"ip": "ip",
"length": "length",
"name": "name",
"note": null,
"portFrom": 0,
"portTo": 0,
"protocol": "protocol",
"region": "region",
"securityGroupId": "securityGroupId",
"srl": "srl",
"user": "user"
}
]
}
}

Human Readable Output

Access Lease:

Showing 1 rows out of 1.

|Id|Name|Ip|User|Region|Length|Created|
|---|---|---|---|---|---|---|
| id | name | ip | userMail | region | length | created |

dome9-access-lease-delete

Terminate an Access Lease.

Base Command

dome9-access-lease-delete

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| lease_id | The Access Lease ID. | Required |

Context Output

There is no context output for this command.

Command example

!dome9-access-lease-delete lease_id=id

Context Example

{
"CheckPointDome9": {
"AccessLease": ""
}
}

Human Readable Output

Access Lease Deleted successfully

dome9-access-lease-invitation-list

Get a lease invitation.

Base Command

dome9-access-lease-invitation-list

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| invitation_id | The Access Lease invitation ID. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CheckPointDome9.AccessLease.Invitation.length | String | The Access Lease invitation length. |
| CheckPointDome9.AccessLease.Invitation.id | String | The Access Lease invitation ID. |
| CheckPointDome9.AccessLease.Invitation.created | String | The Access Lease invitation created time. |
| CheckPointDome9.AccessLease.Invitation.recipientName | String | The Access Lease invitation recipient name. |

Command example

!dome9-access-lease-invitation-list

Context Example

{
"CheckPointDome9": {
"AccessLease": {
"Invitation": {
"body": null,
"created": "created",
"expirationTime": "expirationTime",
"id": "id",
"issuerName": "userMail",
"length": "length",
"notifyEmail": null,
"pivotEntity": "pivotEntity",
"recipientName": "userMail",
"serviceName": "name",
"targetSrl": "targetSrl"
}
}
}
}

Human Readable Output

Access Lease invitation

Showing 1 rows out of 1.

|Id|Issuername|Recipientname|Length|Created|
|---|---|---|---|---|
| id | userMail | userMail | length | created |

dome9-access-lease-invitation-delete

Delete an Access Lease invitation.

Base Command

dome9-access-lease-invitation-delete

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| invitation_id | Access Lease invitation. | Required |

Context Output

There is no context output for this command.

Command example

!dome9-access-lease-invitation-delete invitation_id=invitation_id

Context Example

{
"CheckPointDome9": {
"AccessLease": {
"Invitation": ""
}
}
}

Human Readable Output

Access Lease Invitation Deleted successfully

dome9-findings-search

Search for findings in CloudGuard.

Base Command

dome9-findings-search

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| page | Page number of paginated results. Minimum value: 1. | Optional |
| page_size | Number of items per page. | Optional |
| limit | The maximum number of records to retrieve. Default is 50. | Optional |
| severity | The findings severities. Possible values are: High, Medium, Low. | Optional |
| region | The findings regions. Possible values are: N. Virginia, Global, Canada Central, Frankfurt, Ireland, London, Mumbai, N. California, Ohio, Oregon, Osaka, Paris, Seoul, Singapore, Stockholm, Sydney, São Paulo, Tokyo. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CheckPointDome9.Findings.id | String | The findings ID. |
| CheckPointDome9.Findings.severity | String | The severity of the findings. |
| CheckPointDome9.Findings.region | String | The findings region. |
| CheckPointDome9.Findings.status | Number | The status of the findings. |
| CheckPointDome9.Findings.action | String | The action of the findings. |
| CheckPointDome9.Findings.alertType | Number | The alert type of the findings. |

Command example

!dome9-findings-search

Context Example

{
"CheckPointDome9": {
"Findings": [
{
"acknowledged": false,
"action": "action",
"additionalFields": [],
"alertType": "alertType",
"bundleId": "bundleId",
"bundleName": "bundleName",
"category": "",
"cloudAccountExternalId": "cloudAccountExternalId",
"cloudAccountId": "cloudAccountId",
"cloudAccountType": "cloudAccountType",
"comments": [],
"createdTime": "createdTime",
"description": "description",
"entityDome9Id": "entityDome9Id",
"entityExternalId": "entityExternalId",
"entityName": "entityName",
"entityNetwork": null,
"entityTags": [],
"entityType": "entityType",
"entityTypeByEnvironmentType": "entityTypeByEnvironmentType",
"findingKey": "findingKey",
"id": "id",
"isExcluded": false,
"labels": [],
"lastSeenTime": "lastSeenTime",
"magellan": null,
"occurrences": [],
"organizationalUnitId": "organizationalUnitId",
"organizationalUnitPath": "",
"origin": "origin",
"ownerUserName": null,
"region": "region",
"remediation": "remediation",
"remediationActions": [],
"ruleId": "ruleId",
"ruleLogic": "ruleLogic",
"ruleName": "ruleName",
"scanId": null,
"severity": "severity",
"status": "status",
"tag": "tag",
"updatedTime": "updatedTime",
"webhookResponses": null
}
]
}
}

Human Readable Output

Findings:

Showing 1 rows out of 48.

|Id|Alerttype|Severity|Region|Status|Action|Cloudaccountid|Description|
|---|---|---|---|---|---|---|---|
| id | alertType | severity | region | status | action | Cloudaccountid | Description |

dome9-ip-list-create

Add a new IP list.

Base Command

dome9-ip-list-create

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| name | The IP list name. | Required |
| description | The IP list description. | Required |
| ip | Comma-separated list of IP addresses. | Optional |
| comment | Comma-separated list of comments for the IP addresses. One comment per IP address. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CheckPointDome9.IpList.id | String | The IP list ID. |
| CheckPointDome9.IpList.name | String | The IP list name. |
| CheckPointDome9.IpList.description | String | The IP list description. |
| CheckPointDome9.IpList.items | String | The IP list items (IP addresses). |

Command example

!dome9-ip-list-create description=description2022 name=name31072022

Context Example

{
"CheckPointDome9": {
"IpList": {
"description": "description2022",
"id": "id",
"items": [],
"name": "name31072022"
}
}
}

Human Readable Output

IP list created successfully

dome9-ip-list-update

Update an IP list. This will override the existing IP list.

Base Command

dome9-ip-list-update

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| list_id | The IP list ID. | Required |
| description | The IP list description. | Optional |
| ip | Comma-separated list of IP addresses. | Optional |
| comment | Comma-separated list of comments for the IP addresses. One comment per IP address. | Optional |
| update_mode | The command mode. Default mode is add_new_items. Possible values are: add_new_items, replace_old_items. | Optional |

Context Output

There is no context output for this command.

Command example

!dome9-ip-list-update list_id=id description=NEW

Context Example

{
"CheckPointDome9": {
"IpList": ""
}
}

Human Readable Output

IP list updated successfully
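
The ip and comment arguments of dome9-ip-list-create and dome9-ip-list-update must line up, one comment per address. The pre-check below is an added example, not code from the integration: build_items, apply_update and min_prefix are hypothetical names, and the merge behaviour of the two update_mode values is an assumption inferred from their names.

```python
import ipaddress

# update_mode values as listed for dome9-ip-list-update on this page
UPDATE_MODES = ("add_new_items", "replace_old_items")


def build_items(ip_arg, comment_arg="", min_prefix=8):
    """Pair the comma-separated ip and comment arguments into list items.

    Returns [{"ip": ..., "comment": ...}], the item shape shown in the
    dome9-ip-list-get context example. min_prefix is a local guard
    (hypothetical, not an integration argument) that rejects very broad
    ranges such as 0.0.0.0/0 before they reach a list used as a rule scope.
    """
    ips = [part.strip() for part in ip_arg.split(",") if part.strip()]
    comments = [c.strip() for c in comment_arg.split(",")] if comment_arg else []
    if comments and len(comments) != len(ips):
        raise ValueError(
            f"{len(ips)} IP addresses but {len(comments)} comments: "
            "one comment per IP address is required"
        )

    items, seen = [], set()
    for index, text in enumerate(ips):
        try:
            network = ipaddress.ip_network(text, strict=False)
        except ValueError as exc:
            raise ValueError(f"not an IP address or CIDR: {text!r}") from exc
        if network.prefixlen < min_prefix:
            raise ValueError(f"{text!r} is broader than /{min_prefix}")
        if network in seen:  # same network written twice, keep the first
            continue
        seen.add(network)
        items.append({"ip": text, "comment": comments[index] if comments else ""})
    return items


def apply_update(existing, new_items, update_mode="add_new_items"):
    """Preview the list contents after an update.

    Assumed semantics (inferred from the mode names, not confirmed by the
    page): add_new_items keeps existing entries and appends unseen ones,
    replace_old_items discards the existing entries.
    """
    if update_mode not in UPDATE_MODES:
        raise ValueError(f"update_mode must be one of {UPDATE_MODES}")
    if update_mode == "replace_old_items":
        return list(new_items)
    merged = list(existing)
    known = {ipaddress.ip_network(item["ip"], strict=False) for item in existing}
    for item in new_items:
        network = ipaddress.ip_network(item["ip"], strict=False)
        if network not in known:
            known.add(network)
            merged.append(item)
    return merged


if __name__ == "__main__":
    # Constructed sample input (private and documentation address ranges).
    current = [{"ip": "10.0.0.5/32", "comment": "old jump host"}]
    new = build_items("10.0.0.5, 192.168.1.0/24, 203.0.113.7",
                      "jump host,office,vendor")
    print(apply_update(current, new))
    print(apply_update(current, new, "replace_old_items"))
```

Running the same check before replace_old_items matters most, since a rejected or mismatched entry there would otherwise replace a working list.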

dome9-ip-list-get

Get an IP List by ID.

Base Command

dome9-ip-list-get

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| list_id | The IP list ID to fetch. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CheckPointDome9.IpList.id | String | The IP list ID. |
| CheckPointDome9.IpList.name | String | The IP list name. |
| CheckPointDome9.IpList.description | String | The IP list description. |
| CheckPointDome9.IpList.items | String | The IP list items (IP addresses). |

Command example

!dome9-ip-list-get

Context Example

{
"CheckPointDome9": {
"IpList": [
{
"description": "description",
"id": "id",
"items": [
{
"comment": "new comment",
"ip": "ip"
}
],
"name": "NewList-2"
}
]
}
}

Human Readable Output

IP list

|Id|Name|Items|Description|
|---|---|---|---|
| id | NewList-2 | ip | description |

dome9-ip-list-delete

Delete an IP List by ID.

Base Command

dome9-ip-list-delete

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| list_id | The ID of the IP list to delete. | Required |

Context Output

There is no context output for this command.

Command example

!dome9-ip-list-delete list_id=id

Context Example

{
"CheckPointDome9": {
"IpList": ""
}
}

Human Readable Output

IP list deleted successfully

dome9-ip-list-metadata-list

Get all IP addresses metadata.

Base Command

dome9-ip-list-metadata-list

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| page | Page number of paginated results. Minimum value: 1. | Optional |
| page_size | Number of items per page. | Optional |
| limit | The maximum number of records to retrieve. Default is 50. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CheckPointDome9.IpList.Metadata.id | String | The IP address internal ID. |
| CheckPointDome9.IpList.Metadata.cidr | string | The IP address CIDR. |
| CheckPointDome9.IpList.Metadata.name | String | The IP address name. |
| CheckPointDome9.IpList.Metadata.classification | String | The IP address classification. |

Command example

!dome9-ip-list-metadata-list

Context Example

{
"CheckPointDome9": {
"IpList": {
"Metadata": [
{
"cidr": "cidr",
"classificaiton": "classification",
"classification": "classification",
"id": "id",
"name": "name"
}
]
}
}
}

Human Readable Output

IP List metadata

Showing 8 rows out of 8.

|Id|Name|Cidr|Classification|
|---|---|---|---|
| id | name | cidr | classification |

dome9-ip-list-metadata-create

Add metadata for a new IP address. An IP address metadata must contain the CIDR, name, and classification. Classification can be External, Unsafe, Dmz, InternalVpc, InternalDc, or NoClassification.

Base Command

dome9-ip-list-metadata-create

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| cidr | The IP address CIDR. | Required |
| name | The IP address name. | Required |
| classification | The IP address classification. Possible values are: External, Unsafe, Dmz, InternalVpc, InternalDc, NoClassification. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CheckPointDome9.IpList.Metadata.id | String | The IP address internal ID. |
| CheckPointDome9.IpList.Metadata.cidr | string | The IP address CIDR. |
| CheckPointDome9.IpList.Metadata.name | String | The IP address name. |
| CheckPointDome9.IpList.Metadata.classification | String | The IP address classification. |

Command example

!dome9-ip-list-metadata-create cidr=cidr classification=classification name=metadata

Context Example

{
"CheckPointDome9": {
"IpList": {
"Metadata": {
"cidr": "cidr",
"classificaiton": "classification",
"classification": "classification",
"id": "id",
"name": "metadata"
}
}
}
}

Human Readable Output

IP List metadata created successfully

|Cidr|Classificaiton|Classification|Id|Name|
|---|---|---|---|---|
| cidr | classification | classification | id | metadata |

dome9-ip-list-metadata-update

Update an existing IP address metadata. Classification can only be External, Unsafe, Dmz, InternalVpc, InternalDc, or NoClassification.

Base Command

dome9-ip-list-metadata-update

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| list_metadata_id | The IP address internal ID. | Required |
| name | The IP address name. | Optional |
| classification | The IP address classification. Possible values are: External, Unsafe, Dmz, InternalVpc, InternalDc, NoClassification. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CheckPointDome9.IpList.Metadata.id | String | The IP address internal ID. |
| CheckPointDome9.IpList.Metadata.cidr | string | The IP address CIDR. |
| CheckPointDome9.IpList.Metadata.name | String | The IP address name. |
| CheckPointDome9.IpList.Metadata.classification | String | The IP address classification. |

Command example

!dome9-ip-list-metadata-update classification=classification list_metadata_id=list_metadata_id name=NewName

Context Example

{
"CheckPointDome9": {
"IpList": {
"Metadata": {
"cidr": "cidr",
"classificaiton": "classification",
"classification": "classification",
"id": "list_metadata_id",
"name": "NewName"
}
}
}
}

Human Readable Output

IP List metadata updated successfully

|Cidr|Classificaiton|Classification|Id|Name|
|---|---|---|---|---|
| cidr | classification | classification | list_metadata_id | NewName |

dome9-ip-list-metadata-delete

Delete an IP address metadata with a specific CIDR.

Base Command

dome9-ip-list-metadata-delete

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| account_id | The account ID. | Required |
| address | The IP address to delete. | Required |
| mask | The subnet mask. | Required |

Context Output

There is no context output for this command.

Command example

!dome9-ip-list-metadata-delete account_id=account_id address=ip mask=32

Context Example

{
"CheckPointDome9": {
"IpList": {
"Metadata": ""
}
}
}

Human Readable Output

IP List metadata deleted successfully

dome9-compliance-remediation-get

Get a list of remediations for the account.

Base Command

dome9-compliance-remediation-get

Input

| Argument Name | Description | Required |
| --- | --- | --- |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CheckPointDome9.ComplianceRemediation.id | String | Remediation ID. |
| CheckPointDome9.ComplianceRemediation.ruleLogicHash | String | Hash for the rule logic. |
| CheckPointDome9.ComplianceRemediation.ruleName | String | Rule name. |
| CheckPointDome9.ComplianceRemediation.ruleId | String | Rule ID. |
| CheckPointDome9.ComplianceRemediation.logic | String | The GSL logic of the exclusion. |
| CheckPointDome9.ComplianceRemediation.rulesetId | Number | Ruleset ID. |
| CheckPointDome9.ComplianceRemediation.platform | String | Remediation platform. |
| CheckPointDome9.ComplianceRemediation.cloudBots | String | Cloud bots execution expressions. |

Command example

!dome9-compliance-remediation-get

Context Example

{
"CheckPointDome9": {
"ComplianceRemediation": [
{
"cloudAccountId": null,
"cloudBots": [
"cloudBots"
],
"comment": "comment",
"id": "id",
"logic": null,
"platform": "platform",
"ruleId": null,
"ruleLogicHash": "ruleLogicHash",
"ruleName": null,
"rulesetId": -51
}
]
}
}

Human Readable Output

Compliance remediation:

|Id|Rulelogichash|Rulesetid|Platform|Comment|Cloudbots|
|---|---|---|---|---|---|
| id | ruleLogicHash | ruleset_id | platform | comment | cloudbots |

dome9-compliance-remediation-create

Add a new remediation.

Base Command

dome9-compliance-remediation-create

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| ruleset_id | Ruleset ID to apply remediation on. Use the dome9-compliance-ruleset-list command to get the Ruleset ID list. | Required |
| comment | Comment text. | Required |
| cloudbots | Cloud bots execution expressions. Possible values are: ami_set_to_private, acm_delete_certificate, cloudtrail_enable, cloudtrail_enable_log_file_validation, cloudtrail_send_to_cloudwatch, cloudwatch_create_metric_filter, config_enable, ec2_attach_sg, ec2_attach_instance_role, ec2_create_snapshot, ec2_release_eips, ec2_quarantine_instance, ec2_stop_instance, ec2_terminate_instance, ec2_update_instance_role, ec2_service_role_detach_inline_group, iam_detach_policy, iam_group_delete_inline_group, iam_generate_credential_report, iam_role_attach_policy, iam_user_attach_policy, iam_user_deactivate_unused_access_key, iam_user_delete_inline_policies, iam_user_disable_console_password, iam_user_force_password_change, iam_quarantine_role, iam_quarantine_user, iam_role_clone_with_non_enumerable_name, iam_turn_on_password_policy, igw_delete, kms_cmk_enable_key, kms_enable_rotation, lambda_detach_blanket_permissions, lambda_tag, lambda_enable_active_tracing, load_balancer_enable_access_logs, mark_for_stop_ec2_resource. | Required |
| rule_logic_hash | Hash for the rule logic. Use the dome9-compliance-ruleset-rule-list command to fetch the logic hash. | Required |

Context Output

There is no context output for this command.

Command example

!dome9-compliance-remediation-create cloudbots=cloudbots comment=COMMENT rule_logic_hash=rule_logic_hash/k4lIw ruleset_id=rule_id

Context Example

{
"CheckPointDome9": {
"ComplianceRemediation": {
"cloudAccountId": null,
"cloudBots": [
"cloudbots"
],
"comment": "COMMENT",
"id": "id",
"logic": null,
"platform": "platform",
"ruleId": null,
"ruleLogicHash": "ruleLogicHash",
"ruleName": null,
"rulesetId": "rulesetId"
}
}
}

Human Readable Output

Remediation created successfully

|Cloudbots|Id|Rulelogichash|Rulesetid|Platform|Comment|
|---|---|---|---|---|---|
| cloudbots | id | ruleLogicHash | ruleset_id | platform | COMMENT |

dome9-compliance-remediation-update

Update a remediation.

Base Command

dome9-compliance-remediation-update

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| remediation_id | Remediation ID. | Required |
| ruleset_id | Ruleset ID. | Required |
| comment | Comment text. | Required |
| cloudbots | Cloud bots execution expressions. Possible values are: ami_set_to_private, acm_delete_certificate, cloudtrail_enable, cloudtrail_enable_log_file_validation, cloudtrail_send_to_cloudwatch, cloudwatch_create_metric_filter, config_enable, ec2_attach_sg, ec2_attach_instance_role, ec2_create_snapshot, ec2_release_eips, ec2_quarantine_instance, ec2_stop_instance, ec2_terminate_instance, ec2_update_instance_role, ec2_service_role_detach_inline_group, iam_detach_policy, iam_group_delete_inline_group, iam_generate_credential_report, iam_role_attach_policy, iam_user_attach_policy, iam_user_deactivate_unused_access_key, iam_user_delete_inline_policies, iam_user_disable_console_password, iam_user_force_password_change, iam_quarantine_role, iam_quarantine_user, iam_role_clone_with_non_enumerable_name, iam_turn_on_password_policy, igw_delete, kms_cmk_enable_key, kms_enable_rotation, lambda_detach_blanket_permissions, lambda_tag, lambda_enable_active_tracing, load_balancer_enable_access_logs, mark_for_stop_ec2_resource. | Required |
| rule_logic_hash | Hash for the rule logic. Use the dome9-compliance-ruleset-rule-list command to fetch the logic hash. | Required |

Context Output

There is no context output for this command.

Command example

!dome9-compliance-remediation-update remediation_id=r_id cloudbots=cloudbots comment=COMMENT rule_logic_hash=ruleLogicHash ruleset_id=ruleset_id

Context Example

{
"CheckPointDome9": {
"ComplianceRemediation": {
"cloudAccountId": null,
"cloudBots": [
"cloudbots"
],
"comment": "COMMENT",
"id": "r_id",
"logic": null,
"platform": "platform",
"ruleId": null,
"ruleLogicHash": "ruleLogicHash",
"ruleName": null,
"rulesetId": "ruleset_id"
}
}
}

Human Readable Output

Remediation updated successfully

|Cloudbots|Id|Rulelogichash|Rulesetid|Platform|Comment|
|---|---|---|---|---|---|
| cloudbots | r_id | ruleLogicHash | ruleset_id | platform | COMMENT |

dome9-compliance-remediation-delete

Delete a remediation.

Base Command

dome9-compliance-remediation-delete

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| remediation_id | Remediation ID. | Required |

Context Output

There is no context output for this command.

Command example

!dome9-compliance-remediation-delete remediation_id=remediation_id

Context Example

{
"CheckPointDome9": {
"ComplianceRemediation": ""
}
}

Human Readable Output

Remediation deleted successfully

dome9-compliance-ruleset-list

Get all Rulesets for the account.

Base Command

dome9-compliance-ruleset-list

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| ruleset_id | The Ruleset ID. | Optional |
| page | Page number of paginated results. Minimum value: 1. | Optional |
| page_size | Number of items per page. | Optional |
| limit | The maximum number of records to retrieve. Default is 50. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CheckPointDome9.ComplianceRuleset.accountId | String | The account ID. |
| CheckPointDome9.ComplianceRuleset.id | Number | The Ruleset ID. |
| CheckPointDome9.ComplianceRuleset.name | String | The Ruleset name. |
| CheckPointDome9.ComplianceRuleset.description | String | The Ruleset description. |

Command example

!dome9-compliance-ruleset-list

Context Example

{
"CheckPointDome9": {
"ComplianceRuleset": [
{
"accountId": "account_id",
"cloudVendor": "cloudVendor",
"common": false,
"createdTime": "createdTime",
"default": false,
"description": "description",
"hideInCompliance": false,
"icon": "",
"id": "id",
"isTemplate": true,
"language": "language",
"minFeatureTier": "minFeatureTier",
"name": "name",
"rulesCount": 1,
"section": 2,
"showBundle": true,
"systemBundle": false,
"tooltipText": "tooltipText",
"updatedTime": "updatedTime",
"version": 32
}
]
}
}

Human Readable Output

Compliance Ruleset:

Showing 50 rows out of 136.

|Accountid|Id|Name|Description|
|---|---|---|---|
| account_id | id | name | description |

dome9-compliance-ruleset-rule-list

Get rule details. Get the rule logic hash to create a new remediation.

Base Command

dome9-compliance-ruleset-rule-list

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| rule_id | The Ruleset ID. | Required |
| page | Page number of paginated results. Minimum value: 1. | Optional |
| page_size | Number of items per page. | Optional |
| limit | The maximum number of records to retrieve. Default is 50. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CheckPointDome9.ComplianceRuleset.Rule.name | String | The rule name. |
| CheckPointDome9.ComplianceRuleset.Rule.severity | String | The rule severity. |
| CheckPointDome9.ComplianceRuleset.Rule.logic | Number | The rule logic. |
| CheckPointDome9.ComplianceRuleset.Rule.logicHash | String | The rule logic hash. |
| CheckPointDome9.ComplianceRuleset.Rule.description | String | The rule description. |

Command example

!dome9-compliance-ruleset-rule-list rule_id=-41

Context Example

{
"CheckPointDome9": {
"ComplianceRuleset": {
"Rule": [
{
"category": "",
"cloudbots": null,
"complianceTag": "complianceTag",
"controlTitle": "",
"description": "description",
"domain": "",
"isDefault": false,
"labels": [],
"logic": "logic",
"logicHash": "logicHash",
"name": "name",
"priority": "",
"remediation": "remediation",
"ruleId": "ruleId",
"severity": "severity"
}
]
}
}
}

Human Readable Output

Compliance Ruleset Rules:

Showing 10 rows out of 10.

|Name|Severity|Description|Logic|Logichash|
|---|---|---|---|---|
| name | severity | description | logic | logicHash |

dome9-security-group-instance-attach

Attach the security group to an AWS EC2 instance.

Base Command

dome9-security-group-instance-attach

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| instance_id | AWS instance ID. | Required |
| sg_id | AWS security group internal ID. | Required |
| nic_name | The instance NIC name. Use the dome9-instance-list command to get this argument. | Required |

Context Output

There is no context output for this command.

Command example

!dome9-security-group-instance-attach instance_id=i-instance_id nic_name=nic_name sg_id=sg_id

Context Example

{
"CheckPointDome9": {
"Instance": {
"amiLaunchIndex": 0,
"architecture": "architecture",
"blockDeviceMappings": [
{
"deviceName": "deviceName",
"ebs": {
"attachTime": "attachTime",
"deleteOnTermination": true,
"status": "status",
"volumeId": "volumeId"
}
}
],
"clientToken": null,
"ebsOptimized": false,
"enaSupport": true,
"externalId": "externalId",
"hypervisor": "hypervisor",
"iamInstanceProfile": null,
"imageId": "imageId",
"imageName": null,
"instanceId": "instanceId",
"instanceLifecycle": null,
"instanceType": "instanceType",
"isMicro": true,
"isRunning": true,
"kernelId": null,
"keyName": "keyName",
"launchTime": "launchTime",
"monitoring": {
"state": "state"
},
"networkInterfaces": [
{
"association": {
"ipOwnerId": "ipOwnerId",
"publicDnsName": "publicDnsName",
"publicIp": "publicIp"
},
"attachment": {
"attachTime": "attachTime",
"attachmentId": "attachmentId",
"deleteOnTermination": true,
"deviceIndex": 0,
"status": "status"
},
"description": null,
"groups": [
{
"groupId": "groupId",
"groupName": "groupName"
}
],
"ipv6Addresses": [],
"macAddress": "macAddress",
"networkInterfaceId": "networkInterfaceId",
"ownerId": "ownerId",
"privateDnsName": "privateDnsName",
"privateIpAddress": "privateIpAddress",
"privateIpAddresses": [
{
"association": {
"ipOwnerId": "ipOwnerId",
"publicDnsName": "publicDnsName",
"publicIp": "publicIp"
},
"primary": true,
"privateDnsName": "privateDnsName",
"privateIpAddress": "privateIpAddress"
}
],
"sourceDestCheck": true,
"status": "status",
"subnetId": "subnetId",
"vpcId": "vpcId"
}
],
"niCs": [
{
}
],
"osType": "osType",
"placement": {
"affinity": null,
"availabilityZone": "availabilityZone",
"groupName": null,
"hostId": null,
"tenancy": "tenancy"
},
"platform": null,
"privateDnsName": "privateDnsName",
"privateIpAddress": "privateIpAddress",
"productCodes": [],
"profileArn": null,
"publicDnsName": "publicDnsName",
"publicIpAddress": "publicIpAddress",
"ramdiskId": null,
"rootDeviceName": "rootDeviceName",
"rootDeviceType": "rootDeviceType",
"securityGroups": [
],
"sourceDestCheck": true,
"spotInstanceRequestId": null,
"sriovNetSupport": null,
"state": {
},
"stateReason": null,
"stateTransitionReason": null,
"subnetId": "subnetId",
"tags": [
{
"key": "Name",
"value": "value"
}
],
"virtualizationType": "virtualizationType",
"vpcId": "vpcId"
}
}
}

Human Readable Output

Security group attach successfully

dome9-security-group-service-delete

Delete a service from an AWS security group.

Base Command

dome9-security-group-service-delete

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| sg_id | Security group ID. | Required |
| service_id | Service ID. | Required |

Context Output

There is no context output for this command.

Command example

!dome9-security-group-service-delete service_id=6-56 sg_id=sg_id

Context Example

{
"CheckPointDome9": {
"SecurityGroup": {
"Service": ""
}
}
}

Human Readable Output

Service deleted successfully

dome9-security-group-tags-update

Update the list of tags for an AWS security group.

Base Command

dome9-security-group-tags-update

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| sg_id | Security group ID. | Required |
| key | The key name. | Required |
| value | The value name. | Required |

Context Output

There is no context output for this command.

Command example

!dome9-security-group-tags-update key=KEYkey value=VALUEvalue sg_id=sg_id

Context Example

{
"CheckPointDome9": {
"SecurityGroup": {
"Tag": {
"keYkey": "VALUEvalue"
}
}
}
}

Human Readable Output

Tag updated successfully

dome9-security-group-service-create

Create a new service (rule) for the security group.

Base Command

dome9-security-group-service-create

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| sg_id | Security group ID. | Required |
| policy_type | The service type. Possible values are: Inbound, Outbound. | Required |
| name | The service name. | Required |
| protocol_type | Service protocol type. Possible values are: ALL, HOPOPT, ICMP, IGMP, GGP, IPV4, ST, TCP, CBT, EGP, IGP, BBN_RCC_MON, NVP2, PUP, ARGUS, EMCON, XNET, CHAOS, UDP, MUX, DCN_MEAS, HMP, PRM, XNS_IDP, TRUNK1, TRUNK2, LEAF1, LEAF2, RDP, IRTP, ISO_TP4, NETBLT, MFE_NSP, MERIT_INP, DCCP, ThreePC, IDPR, XTP, DDP, IDPR_CMTP, TPplusplus, IL, IPV6, SDRP, IPV6_ROUTE, IPV6_FRAG, IDRP, RSVP, GRE, DSR, BNA, ESP, AH, I_NLSP, SWIPE, NARP, MOBILE, TLSP, SKIP, ICMPV6, IPV6_NONXT, IPV6_OPTS, CFTP, SAT_EXPAK, KRYPTOLAN, RVD, IPPC, SAT_MON, VISA, IPCV, CPNX, CPHB, WSN, PVP, BR_SAT_MON, SUN_ND, WB_MON, WB_EXPAK, ISO_IP, VMTP, SECURE_VMTP, VINES, TTP, NSFNET_IGP, DGP, TCF, EIGRP, OSPFIGP, SPRITE_RPC, LARP, MTP, AX25, IPIP, MICP, SCC_SP, ETHERIP, ENCAP, GMTP, IFMP, PNNI, PIM, ARIS, SCPS, QNX, AN, IPCOMP, SNP, COMPAQ_PEER, IPX_IN_IP, VRRP, PGM, L2TP, DDX, IATP, STP, SRP, UTI, SMP, SM, PTP, ISIS, FIRE, CRTP, CRUDP, SSCOPMCE, IPLT, SPS, PIPE, SCTP, FC, RSVP_E2E_IGNORE, MOBILITY_HEADER, UDPLITE, MPLS_IN_IP, MANET, HIP, SHIM6, WESP, ROHC. | Required |
| port | The service port (indicates a port range). | Required |
| open_for_all | Indicates if the service is open to all ports. Possible values are: True, False. | Optional |
| description | Service description. | Optional |
| data_id | IP list ID to attach. | Optional |
| data_name | IP list name to attach. | Optional |
| scope_type | Scope type to attach. Possible values are: CIDR, IPList. | Optional |
| is_valid | Whether the service is valid. Possible values are: True, False. | Optional |
| inbound | Whether the service is inbound. Possible values are: True, False. | Optional |
| icmptype | ICMP type (when protocol is ICMP). Possible values are: All, EchoReply, DestinationUnreachable, SourceQuench, Redirect, AlternateHostAddress, Echo, RouterAdvertisement, RouterSelection, TimeExceeded, ParameterProblem, Timestamp, TimestampReply, InformationRequest, InformationReply, AddressMaskRequest, AddressMaskReply, Traceroute, DatagramConversionError, MobileHostRedirect, IPv6WhereAreYou, IPv6IAmHere, MobileRegistrationRequest, MobileRegistrationReply, DomainNameRequest, DomainNameReply, SKIP, Photuris. | Optional |
| icmpv6type | ICMP V6 type (when protocol is ICMPV6). | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CheckPointDome9.SecurityGroup.Service.id | String | The security group service ID. |
| CheckPointDome9.SecurityGroup.Service.name | string | The security group service name. |
| CheckPointDome9.SecurityGroup.Service.protocolType | String | The service protocol type. |
| CheckPointDome9.SecurityGroup.Service.port | string | The service port. |
| CheckPointDome9.SecurityGroup.Service.scope | String | The service scope type. |
| CheckPointDome9.SecurityGroup.Service.description | string | The service description. |

Command example

!dome9-security-group-service-create name=NewService0107 policy_type=Inbound port=port protocol_type=protocol sg_id=sg_id

Context Example

{
"CheckPointDome9": {
"SecurityGroup": {
"Service": {
"description": null,
"icmpType": null,
"icmpv6Type": null,
"id": "id",
"inbound": true,
"name": "NewService0107",
"openForAll": false,
"port": "port",
"protocolType": "protocol",
"scope": []
}
}
}
}

Human Readable Output#

Security group service created successfully#

DescriptionIdNamePortProtocoltype
idNewService0107portprotocol

dome9-security-group-service-update#


Update a service (rule) for an AWS security group. Can update only the port and name.

Base Command#

dome9-security-group-service-update

Input#

| Argument Name | Description | Required |
|---|---|---|
| sg_id | Security group ID. | Required |
| policy_type | The service type. Possible values are: Inbound, Outbound. | Required |
| service_name | Service name. | Required |
| protocol_type | The service protocol type. Possible values are: ALL, HOPOPT, ICMP, IGMP, GGP, IPV4, ST, TCP, CBT, EGP, IGP, BBN_RCC_MON, NVP2, PUP, ARGUS, EMCON, XNET, CHAOS, UDP, MUX, DCN_MEAS, HMP, PRM, XNS_IDP, TRUNK1, TRUNK2, LEAF1, LEAF2, RDP, IRTP, ISO_TP4, NETBLT, MFE_NSP, MERIT_INP, DCCP, ThreePC, IDPR, XTP, DDP, IDPR_CMTP, TPplusplus, IL, IPV6, SDRP, IPV6_ROUTE, IPV6_FRAG, IDRP, RSVP, GRE, DSR, BNA, ESP, AH, I_NLSP, SWIPE, NARP, MOBILE, TLSP, SKIP, ICMPV6, IPV6_NONXT, IPV6_OPTS, CFTP, SAT_EXPAK, KRYPTOLAN, RVD, IPPC, SAT_MON, VISA, IPCV, CPNX, CPHB, WSN, PVP, BR_SAT_MON, SUN_ND, WB_MON, WB_EXPAK, ISO_IP, VMTP, SECURE_VMTP, VINES, TTP, NSFNET_IGP, DGP, TCF, EIGRP, OSPFIGP, SPRITE_RPC, LARP, MTP, AX25, IPIP, MICP, SCC_SP, ETHERIP, ENCAP, GMTP, IFMP, PNNI, PIM, ARIS, SCPS, QNX, AN, IPCOMP, SNP, COMPAQ_PEER, IPX_IN_IP, VRRP, PGM, L2TP, DDX, IATP, STP, SRP, UTI, SMP, SM, PTP, ISIS, FIRE, CRTP, CRUDP, SSCOPMCE, IPLT, SPS, PIPE, SCTP, FC, RSVP_E2E_IGNORE, MOBILITY_HEADER, UDPLITE, MPLS_IN_IP, MANET, HIP, SHIM6, WESP, ROHC. | Required |
| port | Service port (indicates a port range). | Required |
| open_for_all | Whether the service is open to all ports. Possible values are: True, False. | Optional |
| description | Service description. | Optional |
| data_id | IP list ID. | Optional |
| data_name | IP list name. | Optional |
| scope_type | Scope type. Possible values are: CIDR, IPList. | Optional |
| is_valid | Whether the service is valid. Possible values are: True, False. | Optional |
| inbound | Whether the service is inbound. Possible values are: True, False. | Optional |
| icmptype | ICMP type (when protocol is ICMP). Possible values are: All, EchoReply, DestinationUnreachable, SourceQuench, Redirect, AlternateHostAddress, Echo, RouterAdvertisement, RouterSelection, TimeExceeded, ParameterProblem, Timestamp, TimestampReply, InformationRequest, InformationReply, AddressMaskRequest, AddressMaskReply, Traceroute, DatagramConversionError, MobileHostRedirect, IPv6WhereAreYou, IPv6IAmHere, MobileRegistrationRequest, MobileRegistrationReply, DomainNameRequest, DomainNameReply, SKIP, Photuris. | Optional |
| icmpv6type | ICMP V6 type (when protocol is ICMPV6). | Optional |

Context Output#

| Path | Type | Description |
|---|---|---|
| CheckPointDome9.SecurityGroup.Service.id | String | The security group service ID. |
| CheckPointDome9.SecurityGroup.Service.name | String | The security group service name. |
| CheckPointDome9.SecurityGroup.Service.protocolType | String | The service protocol type. |
| CheckPointDome9.SecurityGroup.Service.port | String | The service port. |
| CheckPointDome9.SecurityGroup.Service.scopeType | String | The service scope type. |
| CheckPointDome9.SecurityGroup.Service.description | String | The service description. |

Command example#

!dome9-security-group-service-update service_name=name policy_type=Inbound port=port protocol_type=protocol sg_id=sg_id

Context Example#

{
"CheckPointDome9": {
"SecurityGroup": {
"Service": {
"description": null,
"icmpType": null,
"icmpv6Type": null,
"id": "id",
"inbound": true,
"name": "name",
"openForAll": false,
"port": "port",
"protocolType": "protocol",
"scope": []
}
}
}
}

Human Readable Output#

Security group service updated successfully#

| Description | Id | Name | Port | Protocoltype |
|---|---|---|---|---|
| | id | name | port | protocol |

dome9-security-group-instance-detach#


Detach the security group from an AWS EC2 Instance.

Base Command#

dome9-security-group-instance-detach

Input#

| Argument Name | Description | Required |
|---|---|---|
| instance_id | AWS instance ID. | Required |
| sg_id | AWS security group internal ID. | Required |
| nic_name | The instance NIC name. Use the dome9-instance-list command to get this argument. | Required |

Context Output#

There is no context output for this command.

Command example#

!dome9-security-group-instance-detach instance_id=i-instanceID nic_name=eth0 sg_id=sg_id

Context Example#

{
"CheckPointDome9": {
"Instance": {
"amiLaunchIndex": 0,
"architecture": "architecture",
"blockDeviceMappings": [
{
"deviceName": "deviceName",
"ebs": {
"attachTime": "attachTime",
"deleteOnTermination": true,
"status": "status",
"volumeId": "volumeId"
}
}
],
"clientToken": null,
"ebsOptimized": false,
"enaSupport": true,
"externalId": "externalId",
"hypervisor": "hypervisor",
"iamInstanceProfile": null,
"imageId": "imageId",
"imageName": null,
"instanceId": "instanceId",
"instanceLifecycle": null,
"instanceType": "instanceType",
"isMicro": true,
"isRunning": true,
"kernelId": null,
"keyName": "keyName",
"launchTime": "launchTime",
"monitoring": {
"state": "state"
},
"networkInterfaces": [
{
"association": {
"ipOwnerId": "ipOwnerId",
"publicDnsName": "publicDnsName",
"publicIp": "publicIp"
},
"attachment": {
"attachTime": "attachTime",
"attachmentId": "attachmentId",
"deleteOnTermination": true,
"deviceIndex": 0,
"status": "status"
},
"description": null,
"groups": [
{
"groupId": "groupId",
"groupName": "groupName"
}
],
"ipv6Addresses": [],
"macAddress": "macAddress",
"networkInterfaceId": "networkInterfaceId",
"ownerId": "ownerId",
"privateDnsName": "privateDnsName",
"privateIpAddress": "privateIpAddress",
"privateIpAddresses": [
{
"association": {
"ipOwnerId": "ipOwnerId",
"publicDnsName": "publicDnsName",
"publicIp": "publicIp"
},
"primary": true,
"privateDnsName": "privateDnsName",
"privateIpAddress": "privateIpAddress"
}
],
"sourceDestCheck": true,
"status": "status",
"subnetId": "subnetId",
"vpcId": "vpcId"
}
],
"niCs": [
{
}
],
"osType": "osType",
"placement": {
"affinity": null,
"availabilityZone": "availabilityZone",
"groupName": null,
"hostId": null,
"tenancy": "tenancy"
},
"platform": null,
"privateDnsName": "privateDnsName",
"privateIpAddress": "privateIpAddress",
"productCodes": [],
"profileArn": null,
"publicDnsName": "publicDnsName",
"publicIpAddress": "publicIpAddress",
"ramdiskId": null,
"rootDeviceName": "rootDeviceName",
"rootDeviceType": "rootDeviceType",
"securityGroups": [
],
"sourceDestCheck": true,
"spotInstanceRequestId": null,
"sriovNetSupport": null,
"state": {
},
"stateReason": null,
"stateTransitionReason": null,
"subnetId": "subnetId",
"tags": [
{
"key": "Name",
"value": "value"
}
],
"virtualizationType": "virtualizationType",
"vpcId": "vpcId"
}
}
}

Human Readable Output#

Security group detach successfully

dome9-instance-list#


Fetch an AWS EC2 instance.

Base Command#

dome9-instance-list

Input#

| Argument Name | Description | Required |
|---|---|---|
| instance_id | AWS instance ID. | Optional |

Context Output#

| Path | Type | Description |
|---|---|---|
| CheckPointDome9.Instance.externalId | String | The instance external ID. |
| CheckPointDome9.Instance.region | String | The instance region. |
| CheckPointDome9.Instance.nics | String | The instance NIC names. |
| CheckPointDome9.Instance.name | String | The instance name. |

Command example#

!dome9-instance-list

Context Example#

{
"CheckPointDome9": {
"Instance": [
{
"accountId": "account_id",
"cloudAccountId": "cloudAccountId",
"externalId": "i-externalId",
"image": "ami-image",
"instanceType": "instanceType",
"isBillable": true,
"isRunning": true,
"kernelId": null,
"launchTime": "launchTime",
"name": "name",
"nics": [
{
"name": "name"
}
],
"platform": "platform",
"profileArn": "profileArn",
"publicDnsName": "publicDnsName",
"region": "region",
"roleArns": [
"roleArns"
],
"ssmAgentInstanceInformation": null,
"tags": {
"Name": "Name"
},
"vpc": "vpc"
}
]
}
}

Human Readable Output#

AWS instances#

Showing 5 rows out of 5.

|Accountid|Cloudaccountid|Externalid|Image|Instancetype|Isbillable|Isrunning|Kernelid|Launchtime|Name|Nics|Platform|Profilearn|Publicdnsname|Region|Rolearns|Ssmagentinstanceinformation|Tags|Vpc|
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| account_id | cloudAccountId | i-Externalid | ami | Instancetype | true | true | | someDate | name | Nics | | | | region | arn | | Name | vpc |

dome9-security-group-protection-mode-update#


Change the protection mode for an AWS security group (FullManage or ReadOnly).

Base Command#

dome9-security-group-protection-mode-update

Input#

| Argument Name | Description | Required |
|---|---|---|
| protection_mode | The protection mode to update. Possible values are: FullManage, ReadOnly. | Required |
| sg_id | Security group ID. | Required |

Context Output#

There is no context output for this command.

Command example#

!dome9-security-group-protection-mode-update protection_mode=FullManage sg_id=sg_id

Context Example#

{
"CheckPointDome9": {
"SecurityGroup": {
"cloud_account_id": "cloudAccountId",
"cloud_account_name": "cloud_account_name",
"description": "description",
"isProtected": true,
"region_id": "region",
"security_group_external_id": "sg_id",
"security_group_id": "sg_id",
"security_group_name": "security_group_name",
"vpc_id": "vpc"
}
}
}

Human Readable Output#

protection mode updated for security group :#

| Cloud Account Id | Cloud Account Name | Description | Isprotected | Region Id | Security Group External Id | Security Group Id | Security Group Name | Vpc Id |
|---|---|---|---|---|---|---|---|---|
| cloudAccountId | name | description | true | region | sg_id | sg_id | sg_name | vpc |

dome9-cloud-accounts-list#


Get the cloud account list.

Base Command#

dome9-cloud-accounts-list

Input#

| Argument Name | Description | Required |
|---|---|---|
| account_id | Account ID. | Optional |
| page | Page number of paginated results. Minimum value: 1. | Optional |
| page_size | Number of items per page. | Optional |
| limit | The maximum number of records to retrieve. Default is 50. | Optional |
| cloud_account_od | The cloud account ID. | Optional |

Context Output#

There is no context output for this command.

Command example#

!dome9-cloud-accounts-list

Context Example#

{
"CheckPointDome9": {
"CloudAccount": {
"allowReadOnly": false,
"creationDate": "creationDate",
"credentials": {
"apikey": null,
"arn": "arn",
"iamUser": null,
"isReadOnly": true,
"secret": null,
"type": "type"
},
"error": null,
"externalAccountNumber": "externalAccountNumber",
"fullProtection": false,
"iamSafe": {
},
"id": "cloudAccountId",
"isFetchingSuspended": false,
"lambdaScanner": false,
"magellan": true,
"name": "name",
"netSec": {
"regions": [
]
},
"onboardingMode": "onboardingMode",
"organizationalUnitId": null,
"organizationalUnitName": "organizationalUnitName",
"organizationalUnitPath": "",
"serverless": {
},
"vendor": "vendor"
}
}
}

Human Readable Output#

Cloud accounts:#

Showing 1 rows out of 1.

|Id|Vendor|Externalaccountnumber|Creationdate|Organizationalunitname|
|---|---|---|---|---|
| cloudAccountId | vendor | number | date | name |

dome9-security-group-ip-list-details-get#


Get AWS cloud accounts for a specific security group and region and check if there is an IP list to attach to a security group.

Base Command#

dome9-security-group-ip-list-details-get

Input#

| Argument Name | Description | Required |
|---|---|---|
| page | Page number of paginated results. Minimum value: 1. | Optional |
| page_size | Number of items per page. | Optional |
| limit | The maximum number of records to retrieve. Default is 50. | Optional |
| sg_id | Security group ID. | Optional |

Context Output#

| Path | Type | Description |
|---|---|---|
| CheckPointDome9.SecurityGroup.security_group_id | String | The security group ID. |

Command example#

!dome9-security-group-ip-list-details-get

Context Example#

{
"CheckPointDome9": {
"SecurityGroup": [
{
"cloud_account_id": "cloudAccountId",
"cloud_account_name": "cloud_account_name",
"description": "description",
"isProtected": true,
"region_id": "region",
"security_group_external_id": "sg_id",
"security_group_id": "sg_id",
"security_group_name": "security_group_name",
"vpc_id": "vpc"
}
]
}
}

Human Readable Output#

Security Groups:#

Showing 1 rows out of 24.

|Cloud Account Id|Cloud Account Name|Description|Isprotected|Region Id|Security Group External Id|Security Group Id|Security Group Name|Vpc Id|
|---|---|---|---|---|---|---|---|---|
| cloudAccountId | name | description | true | region | sg_id | sg_id | sg_name | vpc |

dome9-security-group-list#


Get all security group entities.

Base Command#

dome9-security-group-list

Input#

| Argument Name | Description | Required |
|---|---|---|
| page | Page number of paginated results. Minimum value: 1. | Optional |
| page_size | Number of items per page. | Optional |
| limit | The maximum number of records to retrieve. Default is 50. | Optional |

Context Output#

| Path | Type | Description |
|---|---|---|
| CheckPointDome9.SecurityGroup.security_group_id | String | The security group ID. |

Command example#

!dome9-security-group-list

Context Example#

{
"CheckPointDome9": {
"SecurityGroup": [
{
"cloudAccountId": "cloudAccountId",
"cloudAccountName": "cloudAccountName",
"externalId": "sg",
"regionId": "region",
"securityGroupName": "securityGroupName",
"vpcId": "vpc"
}
]
}
}

Human Readable Output#

Security Groups:#

Showing 1 rows out of 107.

|Cloud Account Id|Region Id|Security Group Id|Security Group Name|Vpc Id|
|---|---|---|---|---|
| cloudAccountId | region | sg | name | vpc |

dome9-global-search-get#


Get top results for each service.

Base Command#

dome9-global-search-get

Input#

| Argument Name | Description | Required |
|---|---|---|
| page | Page number of paginated results. Minimum value: 1. | Optional |
| page_size | Number of items per page. | Optional |
| limit | The maximum number of records to retrieve. Default is 50. | Optional |

Context Output#

| Path | Type | Description |
|---|---|---|
| CheckPointDome9.GlobalSearch.Alert.id | String | The global search alert ID. |
| CheckPointDome9.GlobalSearch.Alert.type | String | The global search alert type. |
| CheckPointDome9.GlobalSearch.Alert.severity | String | The global search alert severity. |

Command example#

!dome9-global-search-get

Context Example#

{
"CheckPointDome9": {
"GlobalSearch": {
"Alert": [
{
"alertType": "alertType",
"bundleId": "bundleId",
"cloudAccountExternalId": "cloudAccountExternalId",
"cloudAccountId": "cloudAccountId",
"createdTime": "createdTime",
"description": "description",
"entityName": "entityName",
"id": "id",
"remediation": "remediation",
"ruleName": "ruleName",
"severity": "severity",
"updatedTime": "updatedTime"
},
{
"alertType": "alertType",
"bundleId": "bundleId",
"cloudAccountExternalId": "cloudAccountExternalId",
"cloudAccountId": "cloudAccountId",
"createdTime": "createdTime",
"description": "description",
"entityName": "entityName",
"id": "id",
"remediation": "remediation",
"ruleName": "ruleName",
"severity": "severity",
"updatedTime": "updatedTime"
}
]
}
}
}

Human Readable Output#

Global Search#

| Alerttype | Bundleid | Cloudaccountexternalid | Cloudaccountid | Createdtime | Description | Entityname | Id | Remediation | Rulename | Severity | Updatedtime |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Alerttype | Bundleid | Cloudaccountexternalid | Cloudaccountid | date | Description | Entityname | id | Remediation | rule name | Severity | Updatedtime |
| Alerttype | Bundleid | Cloudaccountexternalid | Cloudaccountid | date | Description | Entityname | id | remediation | rule name | Severity | Updatedtime |

dome9-cloud-trail-get#


Get CloudTrail events for a Dome9 user.

Base Command#

dome9-cloud-trail-get

Input#

| Argument Name | Description | Required |
|---|---|---|
| page | Page number of paginated results. Minimum value: 1. | Optional |
| page_size | Number of items per page. | Optional |
| limit | The maximum number of records to retrieve. Default is 50. | Optional |

Context Output#

| Path | Type | Description |
|---|---|---|
| CheckPointDome9.CloudTrail.id | String | The CloudTrail ID. |
| CheckPointDome9.CloudTrail.name | String | The CloudTrail name. |
| CheckPointDome9.CloudTrail.trailArn | String | The CloudTrail ARN. |
| CheckPointDome9.CloudTrail.accountId | String | The CloudTrail account ID. |

Command example#

!dome9-cloud-trail-get

Context Example#

{
"CheckPointDome9": {
"CloudTrail": {
"accountId": "account_id",
"cloudAccountId": "cloudAccountId",
"cloudTrailStatus": {
},
"cloudWatchLogsLogGroupArn": null,
"cloudWatchLogsRoleArn": null,
"externalId": "arn",
"homeRegion": "homeRegion",
"id": "id",
"includeGlobalServiceEvents": true,
"isMultiRegionTrail": true,
"kmsKeyId": null,
"logFileValidationEnabled": true,
"name": "name",
"region": "region",
"s3BucketName": "s3BucketName",
"s3KeyPrefix": null,
"snsTopicArn": null,
"snsTopicName": null,
"trailArn": "arn"
}
}
}

Human Readable Output#

Cloud Trail#

Showing 1 rows out of 1.

|Accountid|Cloudaccountid|Cloudtrailstatus|Cloudwatchlogsloggrouparn|Cloudwatchlogsrolearn|Externalid|Homeregion|Id|Includeglobalserviceevents|Ismultiregiontrail|Kmskeyid|Logfilevalidationenabled|Name|Region|S3bucketname|S3keyprefix|Snstopicarn|Snstopicname|Trailarn|
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| account_id | cloudAccountId | status | | | arn | us-east-1 | id | true | true | | true | name | region | name | | | | arn |

dome9-organizational-unit-view-get#


Get organizational unit view entities.

Base Command#

dome9-organizational-unit-view-get

Input#

| Argument Name | Description | Required |
|---|---|---|
| page | Page number of paginated results. Minimum value: 1. | Optional |
| page_size | Number of items per page. | Optional |
| limit | The maximum number of records to retrieve. Default is 50. | Optional |

Context Output#

| Path | Type | Description |
|---|---|---|
| CheckPointDome9.OrganizationalUnitView.id | String | The organizational unit ID. |
| CheckPointDome9.OrganizationalUnitView.name | String | The organizational unit name. |
| CheckPointDome9.OrganizationalUnitView.path | String | The organizational unit path. |
| CheckPointDome9.OrganizationalUnitView.children | String | The organizational unit children. |

Command example#

!dome9-organizational-unit-view-get

Context Example#

{
"CheckPointDome9": {
"OrganizationalUnitView": {
"children": [],
"id": "id",
"name": "name",
"path": "path"
}
}
}

Human Readable Output#

Organizational Unit View#

| Children | Id | Name | Path |
|---|---|---|---|
| | id | name | name |

dome9-organizational-unit-flat-get#


Get flat organizational units.

Base Command#

dome9-organizational-unit-flat-get

Input#

| Argument Name | Description | Required |
|---|---|---|
| page | Page number of paginated results. Minimum value: 1. | Optional |
| page_size | Number of items per page. | Optional |
| limit | The maximum number of records to retrieve. Default is 50. | Optional |

Context Output#

| Path | Type | Description |
|---|---|---|
| CheckPointDome9.OrganizationalUnitFlat.id | String | The organizational unit ID. |
| CheckPointDome9.OrganizationalUnitFlat.name | String | The organizational unit name. |
| CheckPointDome9.OrganizationalUnitFlat.path | String | The organizational unit path. |
| CheckPointDome9.OrganizationalUnitFlat.parentId | String | The organizational unit parent ID. |

Command example#

!dome9-organizational-unit-flat-get

Human Readable Output#

Organizational Unit Flat#

Showing 0 rows out of 0. No entries.

dome9-organizational-unit-get#


Get an organizational unit by its ID.

Base Command#

dome9-organizational-unit-get

Input#

| Argument Name | Description | Required |
|---|---|---|
| page | Page number of paginated results. Minimum value: 1. | Optional |
| page_size | Number of items per page. | Optional |
| limit | The maximum number of records to retrieve. Default is 50. | Optional |
| unit_id | The organizational unit ID. | Optional |

Context Output#

| Path | Type | Description |
|---|---|---|
| CheckPointDome9.OrganizationalUnit.id | String | The organizational unit ID. |
| CheckPointDome9.OrganizationalUnit.name | String | The organizational unit name. |
| CheckPointDome9.OrganizationalUnit.path | String | The organizational unit path. |
| CheckPointDome9.OrganizationalUnit.parentId | String | The organizational unit parent ID. |

Command example#

!dome9-organizational-unit-get

Context Example#

{
"CheckPointDome9": {
"OrganizationalUnit": {
"accountId": 0,
"alibabaAggregateCloudAccountsCount": 0,
"alibabaCloudAccountsCount": 0,
"awsAggregatedCloudAcountsCount": 1,
"awsCloudAcountsCount": 1,
"azureAggregateCloudAccountsCount": 0,
"azureCloudAccountsCount": 0,
"containerRegistryAccountsCount": 0,
"containerRegistryAggregateCloudAccountsCount": 0,
"created": "created",
"googleAggregateCloudAccountsCount": 0,
"googleCloudAccountsCount": 0,
"id": "id",
"isParentRoot": true,
"isRoot": true,
"k8sAggregateCloudAccountsCount": 0,
"k8sCloudAccountsCount": 0,
"name": "name",
"parentId": null,
"path": null,
"pathStr": null,
"shiftLeftAggregateCloudAccountsCount": 0,
"shiftLeftCloudAccountsCount": 0,
"subOrganizationalUnitsCount": 0,
"updated": "updated"
}
}
}

Human Readable Output#

Organizational Unit#

| Accountid | Alibabaaggregatecloudaccountscount | Alibabacloudaccountscount | Awsaggregatedcloudacountscount | Awscloudacountscount | Azureaggregatecloudaccountscount | Azurecloudaccountscount | Containerregistryaccountscount | Containerregistryaggregatecloudaccountscount | Created | Googleaggregatecloudaccountscount | Googlecloudaccountscount | Id | Isparentroot | Isroot | K8saggregatecloudaccountscount | K8scloudaccountscount | Name | Parentid | Path | Pathstr | Shiftleftaggregatecloudaccountscount | Shiftleftcloudaccountscount | Suborganizationalunitscount | Updated |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 0 | 0 | 0 | 1 | 1 | 0 | 0 | 0 | 0 | date | 0 | 0 | id | true | true | 0 | 0 | name | | | | 0 | 0 | 0 | date |

dome9-findings-get#


Get a finding by its ID.

Base Command#

dome9-findings-get

Input#

| Argument Name | Description | Required |
|---|---|---|
| finding_id | The findings ID. | Required |

Context Output#

| Path | Type | Description |
|---|---|---|
| CheckPointDome9.Finding.id | String | The findings ID. |
| CheckPointDome9.Finding.bundleId | String | The findings bundle ID. |
| CheckPointDome9.Finding.severity | String | The findings severity. |
| CheckPointDome9.Finding.description | String | The findings description. |
| CheckPointDome9.Finding.remediation | String | The findings remediation. |
| CheckPointDome9.Finding.region | String | The findings region. |
| CheckPointDome9.Finding.cloudAccountId | String | The findings cloud account ID. |

Command example#

!dome9-findings-get finding_id=finding_id

Context Example#

{
"CheckPointDome9": {
"Finding": {
"acknowledged": false,
"action": "action",
"additionalFields": [],
"alertType": "alertType",
"bundleId": "bundleId",
"bundleName": "bundleName",
"category": "",
"cloudAccountExternalId": "id",
"cloudAccountId": "cloudAccountId",
"cloudAccountType": "cloudAccountType",
"comments": [],
"createdTime": "createdTime",
"description": "description",
"entityDome9Id": "entityDome9Id",
"entityExternalId": "entityExternalId",
"entityName": "entityName",
"entityNetwork": null,
"entityObject": {
},
"entityTags": [],
"bundleId": "bundleId",
"entityTypeByEnvironmentType": "",
"findingKey": "",
"id": "finding_id",
"isExcluded": false,
"labels": [],
"lastSeenTime": "lastSeenTime",
"magellan": null,
"occurrences": [],
"organizationalUnitId": "id",
"organizationalUnitPath": "",
"origin": "origin",
"ownerUserName": null,
"region": "Region",
"remediation": "remediation",
"remediationActions": [],
"ruleId": "ruleId",
"ruleLogic": "ruleLogic",
"ruleName": "ruleName",
"scanId": null,
"severity": "severity",
"status": "status",
"tag": "tag",
"updatedTime": "updatedTime",
"webhookResponses": null
}
}
}

Human Readable Output#

Finding

dome9-findings-bundle-get#


Get the findings for a specific rule in a bundle, for all of the user's accounts.

Base Command#

dome9-findings-bundle-get

Input#

| Argument Name | Description | Required |
|---|---|---|
| page | Page number of paginated results. Minimum value: 1. | Optional |
| page_size | Number of items per page. | Optional |
| limit | The maximum number of records to retrieve. Default is 50. | Optional |
| bundle_id | The bundle ID. Use the dome9-compliance-ruleset-list command to get the bundle ID list. | Required |
| rule_logic_hash | MD5 hash of the rule GSL string. Use the compliance-ruleset-rule-list command to fetch the logic hash. | Required |

Context Output#

| Path | Type | Description |
|---|---|---|
| CheckPointDome9.FindingsBundle.id | String | The CloudTrail ID. |
| CheckPointDome9.FindingsBundle.severity | String | The CloudTrail name. |
| CheckPointDome9.FindingsBundle.remediation | String | The Cloud Trail ARN. |
| CheckPointDome9.FindingsBundle.accountId | String | The CloudTrail account ID. |
| CheckPointDome9.FindingsBundle.description | String | The CloudTrail ARN. |
| CheckPointDome9.FindingsBundle.region | String | The CloudTrail account ID. |

Command example#

!dome9-findings-bundle-get bundle_id=bundle_id rule_logic_hash=ruleLogicHash

Human Readable Output#

Findings Bundle#

No entries.