Friday, November 11, 2022

Threat Emulation

curl_cli -v -k http://te.checkpoint.com
cpwd_admin list
ps aux | grep ted

tecli a e v
tecli advanced engine version 
tecli show statistics
tecli show downloads images
tecli show downloads images all
tecli show emulator emulations

cpstat threat-emulation -f update_status
cpstat threat-emulation -f default
cpstat threat-emulation -f contract
 
cd $FWDIR/log
tail -f ted.elg
tail -n 50 ted.elg
tail -n 150 ted.elg


This system is for authorized use only.
Last login: Thu Nov  3 19:49:43 2022 from 10.1.1.1
CLINFR0771  Config lock is owned by admin. Use the command 'lock database override' to acquire the lock.
myte01> expert
Enter expert password:

Warning! All configurations should be done through clish
You are in expert mode now.
 
[Expert@myte01:0]# cpstat threat-emulation -f contract
TE Contract Name:                          temu_local
TE Subscription Expire Date:               1677200154
TE Cloud Hourly Quota:                     0
TE Cloud Monthly Quota:                    0
TE Cloud Remaining Quota:                  0
TE Maximal VMs Number:                     28
TE Subscription Status:                    valid
TE Cloud Quota Status:                     ok
TE Subscription Description:               Subscription is up to date
TE Cloud Quota Description:                Cloud emulation is not used
TE Cloud Quota Identifier:                 N/A
TE Cloud Monthly Quota Period Start:       0
TE Cloud Monthly Quota Period End:         0
TE Cloud Monthly Quota Usage for This GW:  0
TE Cloud Hourly Quota Usage for this GW:   0
TE Cloud Monthly Quota Usage for Quota ID: 0
TE Cloud Hourly Quota Usage for Quota ID:  0
TE Cloud Monthly Quota Exceeded:           0
TE Cloud Hourly Quota Exceeded:            0
TE Cloud Last Quota Update GMT Time:       0

[Expert@myte01:0]# cpstat threat-emulation -f default 
Status:                   0
Status short description: ok
Status long description:  Gateway is up to date.
Engine Major Version:     59
Engine Minor Version:     990001351

[Expert@myte01:0]# 
[Expert@myte01:0]# tecli show statistics
                                          Last day           Last week        Last 30 days
General Information:
--------------------
Scanned files:                                   1                1980               18965
Malicious files:                                 0                   0                   0
Files filtered by static analysis:               0                  16(0%)              60(0%)
Files error count:                               2                  26                 128
Files filtered by local cache:                   0                   0                   0
Files no resource count:                         0                   0                   0
Malicious files detected by HPS:                 0                   0                   0
Files error count in HPS:                        0                   0                   0
Average sample process time:                    85 sec.             88 sec.            133 sec.
Average sample size:                          9493 bytes       1211408 bytes        865609 bytes
Files destined for Local Emulation:
-----------------------------------
Scanned files locally:                           1                1980               18965
Malicious files locally:                         0                   0                   0
Average process time for emulated files:        85 sec.             90 sec.            134 sec.
Average virtual machine usage:                   0                   0                   1
Average queue size:                              0                   0                  13
Peak queue size:                                 0                  30                 123
Files destined for Cloud Emulation:
-----------------------------------
Scanned files using cloud emulation policy:      0                   0                   0
Resend files on cloud:                           0                   0                   0
Malicious files on Cloud:                        0                   0                   0
Files filtered by cloud cache:                   0                   0                   0
Emulated files on cloud:                         0                   0                   0
Average cloud emulation time:                    0 sec.              0 sec.              0 sec.
Average process time for uploaded files:         0 sec.              0 sec.              0 sec.
Average cloud process time:                      0 sec.              0 sec.              0 sec.
Files destined for Remote Emulation:
------------------------------------
Scanned files using remote emulation policy:     0                   0                   0
Resend files remotely:                           0                   0                   0
Malicious files remotely:                        0                   0                   0
Files filtered by remote cache:                  0                   0                   0
Emulated files remotely:                         0                   0                   0
Average remote process time:                     0 sec.              0 sec.              0 sec.
Communication with Threat Cloud:
--------------------------------
Last Sharing succeeded:Thu Nov  3 19:02:17 2022
Last Sharing failed:Sat Jul 31 00:25:58 2021
Sharing Identifier:HASHED_08fe0a70d8bedc2206aaeade31c62e87-9f163947dd3664257284be2cf9f5c62e
Threat emulation engine version is: 59.990001351
[Expert@te01:0]#
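
Added example (not part of the original post and not Check Point tooling): a shell check that reads `cpstat threat-emulation -f contract` output and flags an invalid or soon-to-expire subscription. The function names, the 30-day threshold, and reading "TE Subscription Expire Date" as a Unix epoch in seconds are assumptions.

```shell
#!/bin/sh
# Added example: health check over `cpstat threat-emulation -f contract` output.
# SAMPLE_CONTRACT holds lines copied from the session output on this page.
SAMPLE_CONTRACT='TE Contract Name:                          temu_local
TE Subscription Expire Date:               1677200154
TE Maximal VMs Number:                     28
TE Subscription Status:                    valid
TE Cloud Quota Status:                     ok'

# cpstat_field NAME: read cpstat output on stdin, print the trimmed value of "NAME:".
# Matching on NAME plus the colon keeps "TE Cloud Monthly Quota" from matching
# "TE Cloud Monthly Quota Period Start".
cpstat_field() {
    awk -v key="$1" 'index($0, key ":") == 1 {
        v = substr($0, length(key) + 2)
        gsub(/^[ \t]+|[ \t\r]+$/, "", v)
        print v
        exit
    }'
}

# te_contract_check NOW [WARN_DAYS]: read contract output on stdin.
# Returns 0 = ok, 1 = expiring within WARN_DAYS, 2 = invalid or expired, 3 = unparsable.
# Assumption: the expire date is a Unix epoch in seconds.
te_contract_check() {
    now=$1
    warn_days=${2:-30}
    out=$(cat)
    status=$(printf '%s\n' "$out" | cpstat_field 'TE Subscription Status')
    expiry=$(printf '%s\n' "$out" | cpstat_field 'TE Subscription Expire Date')
    case $expiry in
        ''|*[!0-9]*) echo "UNKNOWN: cannot parse expire date"; return 3 ;;
    esac
    if [ "$status" != "valid" ] || [ "$expiry" -le "$now" ]; then
        echo "CRITICAL: status=$status expiry=$expiry"; return 2
    fi
    days_left=$(( (expiry - now) / 86400 ))
    if [ "$days_left" -lt "$warn_days" ]; then
        echo "WARNING: subscription expires in $days_left days"; return 1
    fi
    echo "OK: status=$status, $days_left days left"
}

# Demo with a fixed clock (2022-11-11 00:00:00 UTC, the date of the post).
# On a gateway: cpstat threat-emulation -f contract | te_contract_check "$(date +%s)"
printf '%s\n' "$SAMPLE_CONTRACT" | te_contract_check 1668124800 30
```

The return codes follow the common 0/1/2/3 monitoring-plugin convention, so the function can be wrapped by a scheduler or monitoring agent as is.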