This is the Harmony Endpoint management SDK for Python ecosystem.
The SDK is based on the public Harmony Endpoint management OpenAPI specifications.
With the SDK, you do not have to manage log in, send keep alive requests, worry about session expiration or pull long processing jobs.
💡 The Harmony Endpoint SDK supports simultaneous instances with different tenants.
To start using this SDK, add the SDK package to your project
Via PIP (PyPi registry)
pip install chkp-harmony-endpoint-management-sdk
First, import the HarmonyEndpoint
object from the package.
from chkp_harmony_endpoint_management_sdk import HarmonyEndpoint
Then, create a new instance of HarmonyEndpoint
, which provides CloudInfra API credentials and a gateway to connect to.
To obtain CloudInfra credentials, open the Infinity Portal and create a suitable API Key. Make sure to select Endpoint
in the Service
field. For more information, see Infinity Portal Administration Guide.
Once the Client ID, Secret Key, and Authentication URL are obtained, Harmony Endpoint SDK can be used.
All API operations can be explored with the HarmonyEndpoint
instance, notice to the documentation on each API operation, what and where are the arguments it requires.
All API's can be also explored in SwaggerHub
A complete example:
from chkp_harmony_endpoint_management_sdk import HarmonyEndpoint, InfinityPortalAuth
# Create a new instance of HarmonyEndpoint (we do support multiple instances in parallel)
he = HarmonyEndpoint()
# Connect to management using CloudInfra API credentials
he.connect(infinity_portal_auth=InfinityPortalAuth(
client_id="place here your CI client-id", # The "Client ID"
access_key= "place here your CI access-key", # The "Secret Key"
gateway="https://cloudinfra-gw-us.portal.checkpoint.com/auth/external" # The "Authentication URL"
))
# Query the API operation
rules_metadata_res = he.policy_general_api.get_all_rules_metadata(header_params={ "x-mgmt-run-as-job": 'off'})
print(rules_metadata_res.payload) # Your rulebase metadata
# Also you can query this operation using job, no extra logic required, in the background, it will trigger a job and will pull the status till it finish and return the final results.
rules_metadata_res = he.policy_general_api.get_all_rules_metadata(header_params={ "x-mgmt-run-as-job": 'on'})
print(rules_metadata_res.is_job) # True
print(rules_metadata_res.payload) # Your rulebase metadata
# Once finish, disconnect to stop all background session management.
he.disconnect()
🛠️🛠️🛠️ Under Development 🛠️🛠️🛠️
Harmony Endpoint On-premise instances are also supported.
Pay attention! Not all cloud operations are available for on-premise, also need to specify the SDK version to comply with your Gaia / JHF version
from chkp_harmony_endpoint_management_sdk import HarmonyEndpointPremise, OnPremisePortalAuth
# Create a new instance of HarmonyEndpoint (we do support multiple instances in parallel)
hep = HarmonyEndpointPremise()
# Connect to management using CloudInfra API credentials
hep.connect(on_premise_portal_auth=OnPremisePortalAuth(
username="xxxx",
password= "xxxx",
url="https://x.x.x.x",
disable_tls_chain_validation=False # Set it true only if you fully trust this URL (e.g. case of internal but not verified https certificate)
))
# Query the API operation
rules_metadata_res = hep.policy_general_api.get_all_rules_metadata(header_params={ "x-mgmt-run-as-job": 'off'})
print(rules_metadata_res.payload) # Your rulebase metadata
# Once all finish, disconnect to stop all background session management.
hep.disconnect()
On-Premises API can be explored in SwaggerHub
Harmony Endpoint also provides APIs for MSSP and Cloud service management (relevant to SaaS customers only)
The usage is similar to the management API
from chkp_harmony_endpoint_management_sdk import HarmonyEndpointSaaS, InfinityPortalAuth, HarmonyEndpointSaaSOptions
he_saas = HarmonyEndpointSaaS()
# Connect to management using CloudInfra API credentials
he_saas.connect(infinity_portal_auth=InfinityPortalAuth(
client_id="place here your CI client-id", # The "Client ID"
access_key= "place here your CI access-key", # The "Secret Key"
gateway="https://cloudinfra-gw-us.portal.checkpoint.com/auth/external", # The "Authentication URL"
harmony_endpoint_saas_options=HarmonyEndpointSaaSOptions(
activate_mssp_session=True # Activate MSSP's session management, turn on if you're using MSSP APIs
)
))
# Query the cloud API operation
instance_status_res = he_saas.self_service_api.public_machines_single_status()
print(instance_status_res.payload) # Your instance status
he_saas.disconnect()
API available at SwaggerHub
The full version and build info of the SDK is available by HarmonyEndpoint.info()
see example:
from chkp_harmony_endpoint_management_sdk import HarmonyEndpoint, HarmonyEndpointSDKInfo
sdk_info: HarmonyEndpointSDKInfo = HarmonyEndpoint.info()
print(sdk_info) # sdk_build:"9728283", sdk_version:"1.0.2", spec:"web-mgmt-external-api-production", spec_version:"1.9.159", released_on:"2023-09-10T18:14:38.264Z"
Harmony Endpoint Management SDK uses the official python logger package for logging.
There are 3 loggers, for general info, errors and to inspect network.
As default they will be disabled, in order to enable logging, set to the HARMONY_ENDPOINT_SDK_LOGGER
environment variable the following string before loading the SDK:
HARMONY_ENDPOINT_SDK_LOGGER="*"
And for a specific/s logger set the logger name followed by a command as following:
HARMONY_ENDPOINT_SDK_LOGGER="info,error,network"
or activate logger programmatically using SDK methods:
from chkp_harmony_endpoint_management_sdk import activate_all_loggers, activate_info_logger, activate_error_logger, activate_network_logger
...
activate_all_loggers() # Will activate all logger
activate_info_logger() # Will activate the info logger only
activate_error_logger() # Will activate the error logger only
activate_network_logger() # Will activate the network logger only
In case of an issue or a bug found in the SDK, please open an issue or report to us Check Point Software Technologies Ltd.
- Haim Kastner - chkp-haimk
- Yuval Pomerchik - chkp-yuvalpo