Check Point Dome9 (CloudGuard)
Check Point Dome9 (CloudGuard) Pack.#
This Integration is part of theSupported versions
Supported Cortex XSOAR versions: 6.2.0 and later.
Dome9 integration allows to easily manage the security and compliance of the public cloud. This integration was integrated and tested with version 2 of checkpointdome9
#
Configure Check Point Dome9 (CloudGuard) in CortexParameter | Description | Required |
---|---|---|
Server URL | True | |
API key ID | True | |
API key secret | True | |
Use system proxy settings | False | |
Trust any certificate (not secure) | False | |
Maximum incidents for one fetch. | Maximum number of incidents per fetch. Default is 50. The maximum is 100. | False |
Fetch incidents | False | |
Alert region (AWS) to fetch as incidents. | False | |
Alert severity to fetch as incidents. | False | |
First fetch time | First alert created date to fetch. e.g., "1 min ago","2 weeks ago","3 months ago" | False |
Incident type | False |
#
CommandsYou can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
#
dome9-access-lease-listGet a list of all active Access Leases.
#
Base Commanddome9-access-lease-list
#
InputArgument Name | Description | Required |
---|---|---|
page | Page number of paginated results. Minimum value: 1. | Optional |
page_size | Number of items per page. | Optional |
limit | The maximum number of records to retrieve. Default is 50. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CheckPointDome9.AccessLease.cloudAccountId | String | The AWS Access Leases cloud account ID. |
CheckPointDome9.AccessLease.region | String | The AWS Access Leases region. |
CheckPointDome9.AccessLease.securityGroupId | String | The AWS Access Leases security group ID. |
CheckPointDome9.AccessLease.created | String | The AWS Access Leases created date. |
CheckPointDome9.AccessLease.user | String | The AWS Access Leases user. |
CheckPointDome9.AccessLease.length | String | The AWS Access Leases length. |
CheckPointDome9.AccessLease.protocol | String | The AWS Access Leases protocol. |
CheckPointDome9.AccessLease.id | String | The AWS Access Leases ID. |
#
Command example!dome9-access-lease-list
#
Context Example#
Human Readable Output#
Access Lease:Showing 1 rows out of 1. |Id|Name|Ip|User|Region|Length|Created| |---|---|---|---|---|---|---| | id | name | ip | userMail | region | length | created |
#
dome9-access-lease-deleteTerminate an Access Lease.
#
Base Commanddome9-access-lease-delete
#
InputArgument Name | Description | Required |
---|---|---|
lease_id | The Access Lease ID. | Required |
#
Context OutputThere is no context output for this command.
#
Command example!dome9-access-lease-delete lease_id=id
#
Context Example#
Human Readable OutputAccess Lease Deleted successfully
#
dome9-access-lease-invitation-listGet a lease invitation.
#
Base Commanddome9-access-lease-invitation-list
#
InputArgument Name | Description | Required |
---|---|---|
invitation_id | The Access Lease invitation ID. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CheckPointDome9.AccessLease.Invitation.length | String | The Access Lease invitation length. |
CheckPointDome9.AccessLease.Invitation.id | String | The Access Lease invitation ID. |
CheckPointDome9.AccessLease.Invitation.created | String | The Access Lease invitation created time. |
CheckPointDome9.AccessLease.Invitation.recipientName | String | The Access Lease invitation recipient name. |
#
Command example!dome9-access-lease-invitation-list
#
Context Example#
Human Readable Output#
Access Lease invitationShowing 1 rows out of 1. |Id|Issuername|Recipientname|Length|Created| |---|---|---|---|---| | id | userMail | userMail | length | created |
#
dome9-access-lease-invitation-deleteDelete an Access Lease invitation.
#
Base Commanddome9-access-lease-invitation-delete
#
InputArgument Name | Description | Required |
---|---|---|
invitation_id | Access Lease invitation. | Required |
#
Context OutputThere is no context output for this command.
#
Command example!dome9-access-lease-invitation-delete invitation_id=invitation_id
#
Context Example#
Human Readable OutputAccess Lease Invitation Deleted successfully
#
dome9-findings-searchSearch for findings in CloudGuard.
#
Base Commanddome9-findings-search
#
InputArgument Name | Description | Required |
---|---|---|
page | Page number of paginated results. Minimum value: 1. | Optional |
page_size | Number of items per page. | Optional |
limit | The maximum number of records to retrieve. Default is 50. | Optional |
severity | The findings severities. Possible values are: High, Medium, Low. | Optional |
region | The findings regions. Possible values are: N. Virginia, Global, Canada Central, Frankfurt, Ireland, London, Mumbai, N. California, Ohio, Oregon, Osaka, Paris, Seoul, Singapore, Stockholm, Sydney, São Paulo, Tokyo. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CheckPointDome9.Findings.id | String | The findings ID. |
CheckPointDome9.Findings.severity | String | The severity of the findings. |
CheckPointDome9.Findings.region | String | The findings region. |
CheckPointDome9.Findings.status | Number | The status of the findings. |
CheckPointDome9.Findings.action | String | The action of the findings. |
CheckPointDome9.Findings.alertType | Number | The alert type of the findings. |
#
Command example!dome9-findings-search
#
Context Example#
Human Readable Output#
Findings:Showing 1 rows out of 48. |Id|Alerttype|Severity|Region|Status|Action|Cloudaccountid|Description| |---|---|---|---|---|---|---|---| | id | alertType | severity | region | status | action | Cloudaccountid | Description |
#
dome9-ip-list-createAdd a new IP list.
#
Base Commanddome9-ip-list-create
#
InputArgument Name | Description | Required |
---|---|---|
name | The IP list name. | Required |
description | The IP list description. | Required |
ip | Comma-separated list of IP addresses. | Optional |
comment | Comma-separated list of comments for the IP addresses. One comment per IP address. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CheckPointDome9.IpList.id | String | The IP list ID. |
CheckPointDome9.IpList.name | String | The IP list name. |
CheckPointDome9.IpList.description | String | The IP list description. |
CheckPointDome9.IpList.items | String | The IP list items (IP addresses). |
#
Command example!dome9-ip-list-create description=description2022 name=name31072022
#
Context Example#
Human Readable OutputIP list created successfully
#
dome9-ip-list-updateUpdate an IP list. This will override the existing IP list.
#
Base Commanddome9-ip-list-update
#
InputArgument Name | Description | Required |
---|---|---|
list_id | The IP list ID. | Required |
description | The IP list description. | Optional |
ip | Comma-separated list of IP addresses. | Optional |
comment | Comma-separated list of comments for the IP addresses. One comment per IP address. | Optional |
update_mode | The command mode. Default mode is add_new_items. Possible values are: add_new_items, replace_old_items. | Optional |
#
Context OutputThere is no context output for this command.
#
Command example!dome9-ip-list-update list_id=id description=NEW
#
Context Example#
Human Readable OutputIP list updated successfully
#
dome9-ip-list-getGet an IP List by ID.
#
Base Commanddome9-ip-list-get
#
InputArgument Name | Description | Required |
---|---|---|
list_id | The IP list ID to fetch. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CheckPointDome9.IpList.id | String | The IP list ID. |
CheckPointDome9.IpList.name | String | The IP list name. |
CheckPointDome9.IpList.description | String | The IP list description. |
CheckPointDome9.IpList.items | String | The IP list items (IP addresses). |
#
Command example!dome9-ip-list-get
#
Context Example#
Human Readable Output#
IP list
Id Name Items Description id NewList-2 ip description
#
dome9-ip-list-deleteDelete an IP List by ID.
#
Base Commanddome9-ip-list-delete
#
InputArgument Name | Description | Required |
---|---|---|
list_id | The ID of the IP list to delete. | Required |
#
Context OutputThere is no context output for this command.
#
Command example!dome9-ip-list-delete list_id=id
#
Context Example#
Human Readable OutputIP list deleted successfully
#
dome9-ip-list-metadata-listGet all IP addresses metadata.
#
Base Commanddome9-ip-list-metadata-list
#
InputArgument Name | Description | Required |
---|---|---|
page | Page number of paginated results. Minimum value: 1. | Optional |
page_size | Number of items per page. | Optional |
limit | The maximum number of records to retrieve. Default is 50. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CheckPointDome9.IpList.Metadata.id | String | The IP address internal ID. |
CheckPointDome9.IpList.Metadata.cidr | string | The IP address CIDR. |
CheckPointDome9.IpList.Metadata.name | String | The IP address name. |
CheckPointDome9.IpList.Metadata.classification | String | The IP address classification. |
#
Command example!dome9-ip-list-metadata-list
#
Context Example#
Human Readable Output#
IP List metadataShowing 8 rows out of 8. |Id|Name|Cidr|Classification| |---|---|---|---| | id | name | cidr | classification |
#
Command example!dome9-ip-list-metadata-list
#
Context Example#
Human Readable Output#
IP List metadataShowing 8 rows out of 8. |Id|Name|Cidr|Classification| |---|---|---|---| | id | name | cidr | classification |
#
dome9-ip-list-metadata-createAdd metadata for a new IP address. An IP address metadata must contain the CIDR, name, and classification. Classification can be External, Unsafe, Dmz, InternalVpc, InternalDc, or NoClassification.
#
Base Commanddome9-ip-list-metadata-create
#
InputArgument Name | Description | Required |
---|---|---|
cidr | The IP address CIDR. | Required |
name | The IP address name. | Required |
classification | The IP address classification. Possible values are: External, Unsafe, Dmz, InternalVpc, InternalDc, NoClassification.. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
CheckPointDome9.IpList.Metadata.id | String | The IP address internal ID. |
CheckPointDome9.IpList.Metadata.cidr | string | The IP address CIDR. |
CheckPointDome9.IpList.Metadata.name | String | The IP address name. |
CheckPointDome9.IpList.Metadata.classification | String | The IP address classification. |
#
Command example!dome9-ip-list-metadata-create cidr=cidr classification=classification name=metadata
#
Context Example#
Human Readable Output#
IP List metadata created successfully
Cidr Classificaiton Classification Id Name cidr classification classification id metadata
#
dome9-ip-list-metadata-updateUpdate an existing IP address metadata. Classification can only be External, Unsafe, Dmz, InternalVpc, InternalDc, or NoClassification.
#
Base Commanddome9-ip-list-metadata-update
#
InputArgument Name | Description | Required |
---|---|---|
list_metadata_id | The IP address internal ID. | Required |
name | The IP address nName. | Optional |
classification | The IP address classification. Possible values are: External, Unsafe, Dmz, InternalVpc, InternalDc, NoClassification.. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
CheckPointDome9.IpList.Metadata.id | String | The IP address internal ID. |
CheckPointDome9.IpList.Metadata.cidr | string | The IP address CIDR. |
CheckPointDome9.IpList.Metadata.name | String | The IP address Name. |
CheckPointDome9.IpList.Metadata.classification | String | The IP address classification. |
#
Command example!dome9-ip-list-metadata-update classification=classification list_metadata_id=list_metadata_id name=NewName
#
Context Example#
Human Readable Output#
IP List metadata updated successfully
Cidr Classificaiton Classification Id Name cidr classification classification list_metadata_id NewName
#
dome9-ip-list-metadata-deleteDelete an IP address metadata with a specific CIDR.
#
Base Commanddome9-ip-list-metadata-delete
#
InputArgument Name | Description | Required |
---|---|---|
account_id | The account ID. | Required |
address | The IP address to delete. | Required |
mask | The subnet mask. | Required |
#
Context OutputThere is no context output for this command.
#
Command example!dome9-ip-list-metadata-delete account_id=account_id address=ip mask=32
#
Context Example#
Human Readable OutputIP List metadata deleted successfully
#
dome9-compliance-remediation-getGet a list of remediations for the account.
#
Base Commanddome9-compliance-remediation-get
#
InputArgument Name | Description | Required |
---|
#
Context OutputPath | Type | Description |
---|---|---|
CheckPointDome9.ComplianceRemediation.id | String | Remediation ID. |
CheckPointDome9.ComplianceRemediation.ruleLogicHash | String | Hash for the rule logic. |
CheckPointDome9.ComplianceRemediation.ruleName | String | Rule name. |
CheckPointDome9.ComplianceRemediation.ruleId | String | Rule ID. |
CheckPointDome9.ComplianceRemediation.logic | String | The GSL logic of the exclusion. |
CheckPointDome9.ComplianceRemediation.rulesetId | Number | Ruleset ID. |
CheckPointDome9.ComplianceRemediation.platform | String | Remediation platform. |
CheckPointDome9.ComplianceRemediation.cloudBots | String | Cloud bots execution expressions. |
#
Command example!dome9-compliance-remediation-get
#
Context Example#
Human Readable Output#
Compliance remediation:
Id Rulelogichash Rulesetid Platform Comment Cloudbots id ruleLogicHash ruleset_id platform comment cloudbots
#
dome9-compliance-remediation-createAdd a new remediation.
#
Base Commanddome9-compliance-remediation-create
#
InputArgument Name | Description | Required |
---|---|---|
ruleset_id | Ruleset ID to apply remediation on. Use the dome9-compliance-ruleset-list command to get the Ruleset ID list. | Required |
comment | Comment text. | Required |
cloudbots | Cloud bots execution expressions. Possible values are: ami_set_to_private, acm_delete_certificate, cloudtrail_enable, cloudtrail_enable_log_file_validation, cloudtrail_send_to_cloudwatch, cloudwatch_create_metric_filter, config_enable, ec2_attach_sg, ec2_attach_instance_role, ec2_create_snapshot, ec2_release_eips, ec2_quarantine_instance, ec2_stop_instance, ec2_terminate_instance, ec2_update_instance_role, ec2_service_role_detach_inline_group, iam_detach_policy, iam_group_delete_inline_group, iam_generate_credential_report, iam_role_attach_policy, iam_user_attach_policy, iam_user_deactivate_unused_access_key, iam_user_delete_inline_policies, iam_user_disable_console_password, iam_user_force_password_change, iam_quarantine_role, iam_quarantine_user, iam_role_clone_with_non_enumerable_name, iam_turn_on_password_policy, igw_delete, kms_cmk_enable_key, kms_enable_rotation, lambda_detach_blanket_permissions, lambda_tag, lambda_enable_active_tracing, load_balancer_enable_access_logs, mark_for_stop_ec2_resource. | Required |
rule_logic_hash | Hash for the rule logic. Use the compliance-ruleset-rule-list command to fetch logic hash. | Required |
#
Context OutputThere is no context output for this command.
#
Command example!dome9-compliance-remediation-create cloudbots=cloudbots comment=COMMENT rule_logic_hash=rule_logic_hash/k4lIw ruleset_id=rule_id
#
Context Example#
Human Readable Output#
Remediation created successfully
Cloudbots Id Rulelogichash Rulesetid Platform Comment cloudbots id ruleLogicHash ruleset_id platform COMMENT
#
dome9-compliance-remediation-updateUpdate a remediation.
#
Base Commanddome9-compliance-remediation-update
#
InputArgument Name | Description | Required |
---|---|---|
remediation_id | Remediation ID. | Required |
ruleset_id | Ruleset ID. | Required |
comment | Comment text. | Required |
cloudbots | Cloud bots execution expressions. Possible values are: ami_set_to_private, acm_delete_certificate, cloudtrail_enable, cloudtrail_enable_log_file_validation, cloudtrail_send_to_cloudwatch, cloudwatch_create_metric_filter, config_enable, ec2_attach_sg, ec2_attach_instance_role, ec2_create_snapshot, ec2_release_eips, ec2_quarantine_instance, ec2_stop_instance, ec2_terminate_instance, ec2_update_instance_role, ec2_service_role_detach_inline_group, iam_detach_policy, iam_group_delete_inline_group, iam_generate_credential_report, iam_role_attach_policy, iam_user_attach_policy, iam_user_deactivate_unused_access_key, iam_user_delete_inline_policies, iam_user_disable_console_password, iam_user_force_password_change, iam_quarantine_role, iam_quarantine_user, iam_role_clone_with_non_enumerable_name, iam_turn_on_password_policy, igw_delete, kms_cmk_enable_key, kms_enable_rotation, lambda_detach_blanket_permissions, lambda_tag, lambda_enable_active_tracing, load_balancer_enable_access_logs, mark_for_stop_ec2_resource. | Required |
rule_logic_hash | Hash for the rule logic. Use the compliance-ruleset-rule-list command to fetch logic hash. | Required |
#
Context OutputThere is no context output for this command.
#
Command example!dome9-compliance-remediation-update remediation_id=r_id cloudbots=cloudbots comment=COMMENT rule_logic_hash=ruleLogicHash ruleset_id=ruleset_id
#
Context Example#
Human Readable Output#
Remediation updated successfully
Cloudbots Id Rulelogichash Rulesetid Platform Comment cloudbots r_id ruleLogicHash ruleset_id platform COMMENT
#
dome9-compliance-remediation-deleteDelete a remediation.
#
Base Commanddome9-compliance-remediation-delete
#
InputArgument Name | Description | Required |
---|---|---|
remediation_id | Remediation ID. | Required |
#
Context OutputThere is no context output for this command.
#
Command example!dome9-compliance-remediation-delete remediation_id=remediation_id
#
Context Example#
Human Readable OutputRemediation deleted successfully
#
dome9-compliance-ruleset-listGet all Rulesets for the account.
#
Base Commanddome9-compliance-ruleset-list
#
InputArgument Name | Description | Required |
---|---|---|
ruleset_id | The Ruleset ID. | Optional |
page | Page number of paginated results. Minimum value: 1. | Optional |
page_size | Number of items per page. | Optional |
limit | The maximum number of records to retrieve. Default is 50. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CheckPointDome9.ComplianceRuleset.accountId | String | The account ID. |
CheckPointDome9.ComplianceRuleset.id | Number | The Ruleset ID. |
CheckPointDome9.ComplianceRuleset.name | String | The Ruleset name. |
CheckPointDome9.ComplianceRuleset.description | String | The Ruleset description. |
#
Command example!dome9-compliance-ruleset-list
#
Context Example#
Human Readable Output#
Compliance Ruleset:Showing 50 rows out of 136. |Accountid|Id|Name|Description| |---|---|---|---| | account_id | id | name | description |
#
dome9-compliance-ruleset-rule-listGet rule details. Get the rule logic hash to create a new remediation.
#
Base Commanddome9-compliance-ruleset-rule-list
#
InputArgument Name | Description | Required |
---|---|---|
rule_id | The Ruleset ID. | Required |
page | Page number of paginated results. Minimum value: 1. | Optional |
page_size | Number of items per page. | Optional |
limit | The maximum number of records to retrieve. Default is 50. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CheckPointDome9.ComplianceRuleset.Rule.name | String | The rule name. |
CheckPointDome9.ComplianceRuleset.Rule.severity | String | The rule severity. |
CheckPointDome9.ComplianceRuleset.Rule.logic | Number | The rule logic. |
CheckPointDome9.ComplianceRuleset.Rule.logicHash | String | The rule logic hash. |
CheckPointDome9.ComplianceRuleset.Rule.description | String | The rule description. |
#
Command example!dome9-compliance-ruleset-rule-list rule_id=-41
#
Context Example#
Human Readable Output#
Compliance Ruleset Rules:Showing 10 rows out of 10. |Name|Severity|Description|Logic|Logichash| |---|---|---|---|---| | name | severity | description | logic | logicHash |
#
dome9-security-group-instance-attachAttach the security group to an AWS EC2 instance.
#
Base Commanddome9-security-group-instance-attach
#
InputArgument Name | Description | Required |
---|---|---|
instance_id | AWS instance ID. | Required |
sg_id | AWS security group internal ID. | Required |
nic_name | The instance NIC name. Use the dome9-instance-list command to get this argument. | Required |
#
Context OutputThere is no context output for this command.
#
Command example!dome9-security-group-instance-attach instance_id=i-instance_id nic_name=nic_name sg_id=sg_id
#
Context Example#
Human Readable OutputSecurity group attach successfully
#
dome9-security-group-service-deleteDelete a service from an AWS security group.
#
Base Commanddome9-security-group-service-delete
#
InputArgument Name | Description | Required |
---|---|---|
sg_id | Security group ID. | Required |
service_id | Service ID. | Required |
#
Context OutputThere is no context output for this command.
#
Command example!dome9-security-group-service-delete service_id=6-56 sg_id=sg_id
#
Context Example#
Human Readable OutputService deleted successfully
#
dome9-security-group-tags-updateUpdate the list of tags for an AWS security group.
#
Base Commanddome9-security-group-tags-update
#
InputArgument Name | Description | Required |
---|---|---|
sg_id | Security group ID. | Required |
key | The key name. | Required |
value | The value name. | Required |
#
Context OutputThere is no context output for this command.
#
Command example!dome9-security-group-tags-update key=KEYkey value=VALUEvalue sg_id=sg_id
#
Context Example#
Human Readable OutputTag updated successfully
#
dome9-security-group-service-createCreate a new service (rule) for the security group.
#
Base Commanddome9-security-group-service-create
#
InputArgument Name | Description | Required |
---|---|---|
sg_id | Security group ID. | Required |
policy_type | The service type. Possible values are: Inbound, Outbound. | Required |
name | The service name. | Required |
protocol_type | Service protocol type. Possible values are: ALL, HOPOPT, ICMP, IGMP, GGP, IPV4, ST, TCP, CBT, EGP, IGP, BBN_RCC_MON, NVP2, PUP, ARGUS, EMCON, XNET, CHAOS, UDP, MUX, DCN_MEAS, HMP, PRM, XNS_IDP, TRUNK1, TRUNK2, LEAF1, LEAF2, RDP, IRTP, ISO_TP4, NETBLT, MFE_NSP, MERIT_INP, DCCP, ThreePC, IDPR, XTP, DDP, IDPR_CMTP, TPplusplus, IL, IPV6, SDRP, IPV6_ROUTE, IPV6_FRAG, IDRP, RSVP, GRE, DSR, BNA, ESP, AH, I_NLSP, SWIPE, NARP, MOBILE, TLSP, SKIP, ICMPV6, IPV6_NONXT, IPV6_OPTS, CFTP, SAT_EXPAK, KRYPTOLAN, RVD, IPPC, SAT_MON, VISA, IPCV, CPNX, CPHB, WSN, PVP, BR_SAT_MON, SUN_ND, WB_MON, WB_EXPAK, ISO_IP, VMTP, SECURE_VMTP, VINES, TTP, NSFNET_IGP, DGP, TCF, EIGRP, OSPFIGP, SPRITE_RPC, LARP, MTP, AX25, IPIP, MICP, SCC_SP, ETHERIP, ENCAP, GMTP, IFMP, PNNI, PIM, ARIS, SCPS, QNX, AN, IPCOMP, SNP, COMPAQ_PEER, IPX_IN_IP, VRRP, PGM, L2TP, DDX, IATP, STP, SRP, UTI, SMP, SM, PTP, ISIS, FIRE, CRTP, CRUDP, SSCOPMCE, IPLT, SPS, PIPE, SCTP, FC, RSVP_E2E_IGNORE, MOBILITY_HEADER, UDPLITE, MPLS_IN_IP, MANET, HIP, SHIM6, WESP, ROHC. | Required |
port | The service port (indicates a port range). | Required |
open_for_all | Indicates if the service is open to all ports. Possible values are: True, False. | Optional |
description | Service description. | Optional |
data_id | IP list ID to attach. | Optional |
data_name | IP list name to attach. | Optional |
scope_type | Scope type to attach. Possible values are: CIDR, IPList. | Optional |
is_valid | Whether the service is valid. Possible values are: True, False. | Optional |
inbound | Whether the service is inbound. Possible values are: True, False. | Optional |
icmptype | ICMP type (when protocol is ICMP). Possible values are: All, EchoReply, DestinationUnreachable, SourceQuench, Redirect, AlternateHostAddress, Echo, RouterAdvertisement, RouterSelection, TimeExceeded, ParameterProblem, Timestamp, TimestampReply, InformationRequest, InformationReply, AddressMaskRequest, AddressMaskReply, Traceroute, DatagramConversionError, MobileHostRedirect, IPv6WhereAreYou, IPv6IAmHere, MobileRegistrationRequest, MobileRegistrationReply, DomainNameRequest, DomainNameReply, SKIP, Photuris. | Optional |
icmpv6type | ICMP V6 type (when protocol is ICMPV6). | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CheckPointDome9.SecurityGroup.Service.id | String | The security group service ID. |
CheckPointDome9.SecurityGroup.Service.name | string | The security group service name. |
CheckPointDome9.SecurityGroup.Service.protocolType | String | The service protocol type. |
CheckPointDome9.SecurityGroup.Service.port | string | The service port. |
CheckPointDome9.SecurityGroup.Service.scope | String | The service scope type. |
CheckPointDome9.SecurityGroup.Service.description | string | The service description. |
#
Command example!dome9-security-group-service-create name=NewService0107 policy_type=Inbound port=port protocol_type=protocol sg_id=sg_id
#
Context Example#
Human Readable Output#
Security group service created successfully
Description Id Name Port Protocoltype id NewService0107 port protocol
#
dome9-security-group-service-updateUpdate a service (rule) for an AWS security group. Can update only the port and name.
#
Base Commanddome9-security-group-service-update
#
InputArgument Name | Description | Required |
---|---|---|
sg_id | Security group ID. | Required |
policy_type | The service type. Possible values are: Inbound, Outbound. | Required |
service_name | Service name. | Required |
protocol_type | The service protocol type. Possible values are: ALL, HOPOPT, ICMP, IGMP, GGP, IPV4, ST, TCP, CBT, EGP, IGP, BBN_RCC_MON, NVP2, PUP, ARGUS, EMCON, XNET, CHAOS, UDP, MUX, DCN_MEAS, HMP, PRM, XNS_IDP, TRUNK1, TRUNK2, LEAF1, LEAF2, RDP, IRTP, ISO_TP4, NETBLT, MFE_NSP, MERIT_INP, DCCP, ThreePC, IDPR, XTP, DDP, IDPR_CMTP, TPplusplus, IL, IPV6, SDRP, IPV6_ROUTE, IPV6_FRAG, IDRP, RSVP, GRE, DSR, BNA, ESP, AH, I_NLSP, SWIPE, NARP, MOBILE, TLSP, SKIP, ICMPV6, IPV6_NONXT, IPV6_OPTS, CFTP, SAT_EXPAK, KRYPTOLAN, RVD, IPPC, SAT_MON, VISA, IPCV, CPNX, CPHB, WSN, PVP, BR_SAT_MON, SUN_ND, WB_MON, WB_EXPAK, ISO_IP, VMTP, SECURE_VMTP, VINES, TTP, NSFNET_IGP, DGP, TCF, EIGRP, OSPFIGP, SPRITE_RPC, LARP, MTP, AX25, IPIP, MICP, SCC_SP, ETHERIP, ENCAP, GMTP, IFMP, PNNI, PIM, ARIS, SCPS, QNX, AN, IPCOMP, SNP, COMPAQ_PEER, IPX_IN_IP, VRRP, PGM, L2TP, DDX, IATP, STP, SRP, UTI, SMP, SM, PTP, ISIS, FIRE, CRTP, CRUDP, SSCOPMCE, IPLT, SPS, PIPE, SCTP, FC, RSVP_E2E_IGNORE, MOBILITY_HEADER, UDPLITE, MPLS_IN_IP, MANET, HIP, SHIM6, WESP, ROHC. | Required |
port | Service port (indicates a port range). | Required |
open_for_all | Whether the service is open to all ports. Possible values are: True, False. | Optional |
description | Service description. | Optional |
data_id | IP list ID. | Optional |
data_name | IP list name. | Optional |
scope_type | Scope type. Possible values are: CIDR, IPList. | Optional |
is_valid | Whether the service is valid. Possible values are: True, False. | Optional |
inbound | Whether the service is inbound. Possible values are: True, False. | Optional |
icmptype | ICMP type (when protocol is ICMP). Possible values are: All, EchoReply, DestinationUnreachable, SourceQuench, Redirect, AlternateHostAddress, Echo, RouterAdvertisement, RouterSelection, TimeExceeded, ParameterProblem, Timestamp, TimestampReply, InformationRequest, InformationReply, AddressMaskRequest, AddressMaskReply, Traceroute, DatagramConversionError, MobileHostRedirect, IPv6WhereAreYou, IPv6IAmHere, MobileRegistrationRequest, MobileRegistrationReply, DomainNameRequest, DomainNameReply, SKIP, Photuris. | Optional |
icmpv6type | ICMP V6 type (when protocol is ICMPV6). | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CheckPointDome9.SecurityGroup.Service.id | String | The security group service ID. |
CheckPointDome9.SecurityGroup.Service.name | string | The security group service name. |
CheckPointDome9.SecurityGroup.Service.protocolType | String | The service protocol type. |
CheckPointDome9.SecurityGroup.Service.port | string | The service port. |
CheckPointDome9.SecurityGroup.Service.scopeType | String | The service scope type. |
CheckPointDome9.SecurityGroup.Service.description | string | The service description. |
#
Command example!dome9-security-group-service-update service_name=name policy_type=Inbound port=port protocol_type=protocol sg_id=sg_id
#
Context Example#
Human Readable Output#
Security group service updated successfully
Description Id Name Port Protocoltype id name port protocol
#
dome9-security-group-instance-detachDetach the security group from an AWS EC2 Instance.
#
Base Commanddome9-security-group-instance-detach
#
InputArgument Name | Description | Required |
---|---|---|
instance_id | AWS instance ID. | Required |
sg_id | AWS security group internal ID. | Required |
nic_name | The instance NIC name. Use the dome9-instance-list command to get this argument. | Required |
#
Context OutputThere is no context output for this command.
#
Command example!dome9-security-group-instance-detach instance_id=i-instanceID nic_name=eth0 sg_id=sg_id
#
Context Example#
Human Readable OutputSecurity group detach successfully
#
dome9-instance-listFetch an AWS EC2 instance.
#
Base Commanddome9-instance-list
#
InputArgument Name | Description | Required |
---|---|---|
instance_id | AWS instance ID. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CheckPointDome9.Instance.externalId | String | The instance external ID. |
CheckPointDome9.Instance.region | string | The instance region. |
CheckPointDome9.Instance.nics | String | The instance NIC names. |
CheckPointDome9.Instance.name | string | The instance name. |
#
Command example!dome9-instance-list
#
Context Example#
Human Readable Output#
AWS instancesShowing 5 rows out of 5. |Accountid|Cloudaccountid|Externalid|Image|Instancetype|Isbillable|Isrunning|Kernelid|Launchtime|Name|Nics|Platform|Profilearn|Publicdnsname|Region|Rolearns|Ssmagentinstanceinformation|Tags|Vpc| |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---| | account_id | cloudAccountId | i-Externalid | ami | Instancetype | true | true | | someDate | name | Nics | | | | region | arn| | Name | vpc |
#
dome9-security-group-protection-mode-updateChange the protection mode for an AWS security group (FullManage or ReadOnly).
#
Base Commanddome9-security-group-protection-mode-update
#
InputArgument Name | Description | Required |
---|---|---|
protection_mode | The protection mode to update. Possible values are: FullManage, ReadOnly. | Required |
sg_id | Security group ID. | Required |
#
Context OutputThere is no context output for this command.
#
Command example!dome9-security-group-protection-mode-update protection_mode=FullManage sg_id=sg_id
#
Context Example#
Human Readable Output#
protection mode updated for security group :
Cloud Account Id Cloud Account Name Description Isprotected Region Id Security Group External Id Security Group Id Security Group Name Vpc Id cloudAccountId name description true region sg_id sg_id sg_name vpc
#
dome9-cloud-accounts-listGet the cloud account list.
#
Base Commanddome9-cloud-accounts-list
#
InputArgument Name | Description | Required |
---|---|---|
account_id | account ID. | Optional |
page | Page number of paginated results. Minimum value: 1. | Optional |
page_size | Number of items per page. | Optional |
limit | The maximum number of records to retrieve. Default is 50. | Optional |
cloud_account_od | The cloud account ID. | Optional |
#
Context OutputThere is no context output for this command.
#
Command example!dome9-cloud-accounts-list
#
Context Example#
Human Readable Output#
Cloud accounts:Showing 1 rows out of 1. |Id|Vendor|Externalaccountnumber|Creationdate|Organizationalunitname| |---|---|---|---|---| | cloudAccountId | vendor | number |date | name |
#
dome9-security-group-ip-list-details-getGet AWS cloud accounts for a specific security group and region and check if there is an IP list to attach to a security group.
#
Base Commanddome9-security-group-ip-list-details-get
#
InputArgument Name | Description | Required |
---|---|---|
page | Page number of paginated results. Minimum value: 1. | Optional |
page_size | Number of items per page. | Optional |
limit | The maximum number of records to retrieve. Default is 50. | Optional |
sg_id | Security group ID. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CheckPointDome9.SecurityGroup.security_group_id | String | The security group ID. |
#
Command example!dome9-security-group-ip-list-details-get
#
Context Example#
Human Readable Output#
Security Groups:Showing 1 rows out of 24. |Cloud Account Id|Cloud Account Name|Description|Isprotected|Region Id|Security Group External Id|Security Group Id|Security Group Name|Vpc Id| |---|---|---|---|---|---|---|---|---| | cloudAccountId | name | description | true | region | sg_id | sg_id | sg_name | vpc |
#
dome9-security-group-listGet all security group entities.
#
Base Commanddome9-security-group-list
#
InputArgument Name | Description | Required |
---|---|---|
page | Page number of paginated results. Minimum value: 1. | Optional |
page_size | Number of items per page. | Optional |
limit | The maximum number of records to retrieve. Default is 50. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CheckPointDome9.SecurityGroup.security_group_id | String | The security group ID. |
#
Command example!dome9-security-group-list
#
Context Example#
Human Readable Output#
Security Groups:Showing 1 rows out of 107. |Cloud Account Id|Region Id|Security Group Id|Security Group Name|Vpc Id| |---|---|---|---|---| | cloudAccountId | region | sg | name | vpc |
#
dome9-global-search-getGet top results for each service.
#
Base Commanddome9-global-search-get
#
InputArgument Name | Description | Required |
---|---|---|
page | Page number of paginated results. Minimum value: 1. | Optional |
page_size | Number of items per page. | Optional |
limit | The maximum number of records to retrieve. Default is 50. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CheckPointDome9.GlobalSearch.Alert.id | String | The global search alert ID. |
CheckPointDome9.GlobalSearch.Alert.type | String | The global search alert type. |
CheckPointDome9.GlobalSearch.Alert.severity | String | The global search alert severity. |
#
Command example!dome9-global-search-get
#
Context Example#
Human Readable Output#
Global Search
Alerttype Bundleid Cloudaccountexternalid Cloudaccountid Createdtime Description Entityname Id Remediation Rulename Severity Updatedtime Alerttype Bundleid Cloudaccountexternalid Cloudaccountid date Description Entityname id Remediation rule name Severity Updatedtime Alerttype Bundleid Cloudaccountexternalid Cloudaccountid date Description Entityname id remediation rule name Severity Updatedtime
#
dome9-cloud-trail-getGet CloudTrail events for a Dome9 user.
#
Base Commanddome9-cloud-trail-get
#
InputArgument Name | Description | Required |
---|---|---|
page | Page number of paginated results. Minimum value: 1. | Optional |
page_size | Number of items per page. | Optional |
limit | The maximum number of records to retrieve. Default is 50. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CheckPointDome9.CloudTrail.id | String | The CloudTrail ID. |
CheckPointDome9.CloudTrail.name | String | The CloudTrail name. |
CheckPointDome9.CloudTrail.trailArn | String | The CloudTrail ARN. |
CheckPointDome9.CloudTrail.accountId | String | The CloudTrail account ID. |
#
Command example!dome9-cloud-trail-get
#
Context Example#
Human Readable Output#
Cloud TrailShowing 1 rows out of 1. |Accountid|Cloudaccountid|Cloudtrailstatus|Cloudwatchlogsloggrouparn|Cloudwatchlogsrolearn|Externalid|Homeregion|Id|Includeglobalserviceevents|Ismultiregiontrail|Kmskeyid|Logfilevalidationenabled|Name|Region|S3bucketname|S3keyprefix|Snstopicarn|Snstopicname|Trailarn| |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---| | account_id | cloudAccountId | status | | | arn | us-east-1 | id | true | true | | true | name | region | name | | | | arn |
#
dome9-organizational-unit-view-getGet organizational unit view entities.
#
Base Commanddome9-organizational-unit-view-get
#
InputArgument Name | Description | Required |
---|---|---|
page | Page number of paginated results. Minimum value: 1. | Optional |
page_size | Number of items per page. | Optional |
limit | The maximum number of records to retrieve. Default is 50. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CheckPointDome9.OrganizationalUnitView.id | String | The organizational unit ID. |
CheckPointDome9.OrganizationalUnitView.name | String | The organizational unit name. |
CheckPointDome9.OrganizationalUnitView.path | String | The organizational unit path. |
CheckPointDome9.OrganizationalUnitView.children | String | The organizational unit children. |
#
Command example!dome9-organizational-unit-view-get
#
Context Example#
Human Readable Output#
Organizational Unit View
Children Id Name Path id name name
#
dome9-organizational-unit-flat-getGet flat organizational units.
#
Base Commanddome9-organizational-unit-flat-get
#
InputArgument Name | Description | Required |
---|---|---|
page | Page number of paginated results. Minimum value: 1. | Optional |
page_size | Number of items per page. | Optional |
limit | The maximum number of records to retrieve. Default is 50. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CheckPointDome9.OrganizationalUnitFlat.id | String | The organizational unit ID. |
CheckPointDome9.OrganizationalUnitFlat.name | String | The organizational unit name. |
CheckPointDome9.OrganizationalUnitFlat.path | String | The organizational unit path. |
CheckPointDome9.OrganizationalUnitFlat.parentId | String | The organizational unit parent ID. |
#
Command example!dome9-organizational-unit-flat-get
#
Human Readable Output#
Organizational Unit FlatShowing 0 rows out of 0. No entries.
#
dome9-organizational-unit-getGet an organizational unit by its ID.
#
Base Commanddome9-organizational-unit-get
#
InputArgument Name | Description | Required |
---|---|---|
page | Page number of paginated results. Minimum value: 1. | Optional |
page_size | Number of items per page. | Optional |
limit | The maximum number of records to retrieve. Default is 50. | Optional |
unit_id | The organizational unit ID. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CheckPointDome9.OrganizationalUnit.id | String | The organizational unit ID. |
CheckPointDome9.OrganizationalUnit.name | String | The organizational unit name. |
CheckPointDome9.OrganizationalUnit.path | String | The organizational unit path. |
CheckPointDome9.OrganizationalUnit.parentId | String | The organizational unit parent ID. |
#
Command example!dome9-organizational-unit-get
#
Context Example#
Human Readable Output#
Organizational Unit
Accountid Alibabaaggregatecloudaccountscount Alibabacloudaccountscount Awsaggregatedcloudacountscount Awscloudacountscount Azureaggregatecloudaccountscount Azurecloudaccountscount Containerregistryaccountscount Containerregistryaggregatecloudaccountscount Created Googleaggregatecloudaccountscount Googlecloudaccountscount Id Isparentroot Isroot K8saggregatecloudaccountscount K8scloudaccountscount Name Parentid Path Pathstr Shiftleftaggregatecloudaccountscount Shiftleftcloudaccountscount Suborganizationalunitscount Updated 0 0 0 1 1 0 0 0 0 date 0 0 id true true 0 0 name 0 0 0 date
#
dome9-findings-getGet a findings by its ID.
#
Base Commanddome9-findings-get
#
InputArgument Name | Description | Required |
---|---|---|
finding_id | The findings ID. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
CheckPointDome9.Finding.id | String | The findings ID. |
CheckPointDome9.Finding.bundleId | String | The findings bundle ID. |
CheckPointDome9.Finding.severity | String | The findings severity. |
CheckPointDome9.Finding.description | String | The findings description. |
CheckPointDome9.Finding.remediation | String | The findings remediation. |
CheckPointDome9.Finding.region | String | The findings region. |
CheckPointDome9.Finding.cloudAccountId | String | The findings cloud account ID. |
#
Command example!dome9-findings-get finding_id=finding_id
#
Context Example#
Human Readable OutputFinding
#
dome9-findings-bundle-getGet the findings for a specific rule in a bundle, for all of the user's accounts.
#
Base Commanddome9-findings-bundle-get
#
InputArgument Name | Description | Required |
---|---|---|
page | Page number of paginated results. Minimum value: 1. | Optional |
page_size | Number of items per page. | Optional |
limit | The maximum number of records to retrieve. Default is 50. | Optional |
bundle_id | The bundle ID. Use the dome9-compliance-ruleset-list command to get the bundle ID list. | Required |
rule_logic_hash | MD5 hash of the rule GSL string. Use the compliance-ruleset-rule-list command to fetch the logic hash. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
CheckPointDome9.FindingsBundle.id | String | The CloudTrail ID. |
CheckPointDome9.FindingsBundle.severity | String | The CloudTrail name. |
CheckPointDome9.FindingsBundle.remediation | String | The Cloud Trail ARN. |
CheckPointDome9.FindingsBundle.accountId | String | The CloudTrail account ID. |
CheckPointDome9.FindingsBundle.description | String | The CloudTrail ARN. |
CheckPointDome9.FindingsBundle.region | String | The CloudTrail account ID. |
#
Command example!dome9-findings-bundle-get bundle_id=bundle_id rule_logic_hash=ruleLogicHash
#
Human Readable Output#
Findings BundleNo entries.