Skip to content

Check Point API Key

Service Name: Check Point Software Technologies

Service Description: Check Point is a leading provider of cybersecurity solutions to governments and corporate enterprises globally, offering products for network security, endpoint security, cloud security, mobile security, data security and security management.

Service Address: https://www.checkpoint.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the management server level through access rules and policies.

Secret Access Scope: Grants programmatic access to Check Point security management API, allowing automation of security policy management, monitoring, and configuration of Check Point security gateways and services.

Secret Revokement URL: https://sc1.checkpoint.com/documents/latest/APIs/#web/delete-api-key~v1.9%20

Secret Example: cp-9d4e8f2a7b6c5d3e1f0a9b8c7d6e5f4a

Suspicious Activity Investigation Instructions:

  • Review API access logs in the Check Point management server for unusual activity.
  • Check for unauthorized policy changes or configurations.
  • Monitor for unusual API calls or access patterns from unexpected IP addresses.
  • Review SmartConsole audit logs for changes made via API.
  • Verify if the API key was used outside approved automation tools or scripts.

Mitigation Instructions:

  • Sign in to the Check Point management server using SmartConsole or web interface.
  • Navigate to the API Keys management section.
  • Identify and delete the compromised API key.
  • Generate a new API key with appropriate permissions if needed.
  • Update all legitimate applications and scripts with the new API key.
  • Consider implementing more restrictive API access policies.
  • Enable API key expiration for automatic rotation.
  • Implement IP restrictions for API access if not already in place.