This is the Harmony Endpoint management CLI
The CLI is based on the public Harmony Endpoint management OpenAPI specifications.
With the CLI, you do not have to manage log in, send keep alive requests, worry about session expiration or pull long processing jobs.
To start using this CLI, install it via PIP (PyPi registry) as a global python command
pip install chkp-harmony-endpoint-management-cliFirst of all, need to create CloudInfra API credentials, to obtain it, open the Infinity Portal and create a suitable API Key. Make sure to select Endpoint in the Service field. For more information, see Infinity Portal Administration Guide.
Once the Client ID, Secret Key, and Authentication URL are obtained, Harmony Endpoint CLI can be used.
Before starting, run the help command to understand how to pass the operation's parameters and payload with all the available options.
chkp_harmony_endpoint_management_cli --helpAll available operations can be shown by the command:
chkp_harmony_endpoint_management_cli --print-operationsThe credentials are recommended to be passed to the CLI by the environment variables CP_CI_CLIENT_ID CP_CI_ACCESS_KEY CP_CI_GATEWAY.
But CLI also supports passing by params --client-id --access-key --gateway params.
To call an operation, set --operation with value from one of the available operations and pass the herders/query/path/body params if required
For example, the operation get_all_rules_metadata requires header for job, so it will look like that:
chkp_harmony_endpoint_management_cli --operation get_all_rules_metadata --header-params "{ \"x-mgmt-run-as-job\": \"off\"}"In case additional payload can be sent, in this example the rule family by query param:
chkp_harmony_endpoint_management_cli --operation get_all_rules_metadata --query-params "{\"ruleFamily\" : \"Threat Prevention\"}" --header-params "{ \"x-mgmt-run-as-job\": \"off\"}"All APIs and the optional/required parameters can be explored in SwaggerHub
Harmony Endpoint also provides APIs for MSSP and Cloud service management (relevant to SaaS customers only)
The usage is similar to the management API, just need to change default target by --target saas
All available operations can be shown by the command:
chkp_harmony_endpoint_management_cli --print-operations --target saasFor example, the public_machines_single_status operation to get service state:
chkp_harmony_endpoint_management_cli --operation public_machines_single_status --target saasFull API exploration available at SwaggerHub
The full version and build info of the SDK is available by --info see example:
chkp_harmony_endpoint_management_cli --infoThe output should be similar to:
Check Point - Harmony Endpoint Management CLI
CLI - version: "1.1.0" build: "11905935"
Cloud SDK - sdk_build:"11902935", sdk_version:"1.1.28", spec:"web-mgmt-external-api-production", spec_version:"1.9.211", released_on:"2024-03-06T17:43:38.616492"
SaaS SDK - sdk_build:"11902935", sdk_version:"1.1.28", spec:"harmony-endpoint-cloud-api-prod", spec_version:"1.0.665", released_on:"2024-03-06T17:43:38.618196"
Harmony Endpoint Management CLI allows to print verbose logs.
There are 3 loggers, for general info, errors and to inspect network.
As default, they will be disabled, to enable logging, pass --verbose param with the following value:
chkp_harmony_endpoint_management_cli --verbos *And for a specific logger set the logger name followed by a command as following:
chkp_harmony_endpoint_management_cli --verbos info
chkp_harmony_endpoint_management_cli --verbos error
chkp_harmony_endpoint_management_cli --verbos networkIn case of an issue or a bug found in the CLI, please open an issue or report to us Check Point Software Technologies Ltd.
- Haim Kastner - chkp-haimk
- Yuval Pomerchik - chkp-yuvalpo