Check Point API Key
Service Name: Check Point Software Technologies
Service Description: Check Point is a leading provider of cybersecurity solutions to governments and corporate enterprises globally, offering products for network security, endpoint security, cloud security, mobile security, data security and security management.
Service Address: https://www.checkpoint.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the management server level through access rules and policies.
Secret Access Scope: Grants programmatic access to Check Point security management API, allowing automation of security policy management, monitoring, and configuration of Check Point security gateways and services.
Secret Revokement URL: https://sc1.checkpoint.com/documents/latest/APIs/#web/delete-api-key~v1.9%20
Secret Example: cp-9d4e8f2a7b6c5d3e1f0a9b8c7d6e5f4a
Suspicious Activity Investigation Instructions:
- Review API access logs in the Check Point management server for unusual activity.
- Check for unauthorized policy changes or configurations.
- Monitor for unusual API calls or access patterns from unexpected IP addresses.
- Review SmartConsole audit logs for changes made via API.
- Verify if the API key was used outside approved automation tools or scripts.
Mitigation Instructions:
- Sign in to the Check Point management server using SmartConsole or web interface.
- Navigate to the API Keys management section.
- Identify and delete the compromised API key.
- Generate a new API key with appropriate permissions if needed.
- Update all legitimate applications and scripts with the new API key.
- Consider implementing more restrictive API access policies.
- Enable API key expiration for automatic rotation.
- Implement IP restrictions for API access if not already in place.