Short term, getting Harmony Endpoint added to the documentation for the XML scan file.
Long term, getting full 2-way communication between the B&R server and the Endpoint Management as a Service at portal.checkpoint.com.
End goal, that all results of the scan performed by Harmony Endpoint on the mounted backup are fully shown in the Harmony Endpoint Management portal, so the security teams can see what exactly it was that got into the backup, so they can better the threat hunting efforts.
-
- Lurker
- Posts: 1
- Liked: never
- Joined: Sep 16, 2025 2:34 pm
- Full Name: Nicholas Jahn
-
- Product Manager
- Posts: 14887
- Liked: 1809 times
- Joined: Feb 04, 2013 2:07 pm
- Full Name: Dmitry Popov
- Location: Prague
Re: Check Point Harmony Endpoint integration
Hello Nicholas,
If you want to scan backups with a custom tool, you can use the Data Integration API to mount the backup and provide access to the files within the backup.
You can send information about machine states (clean / infected / suspicious) directly to the Veeam B&R console via REST API, take a look at this page - Incident API.
Thank you!
-
- Veeam Software
- Posts: 215
- Liked: 53 times
- Joined: Dec 05, 2018 2:44 pm
Check Point Harmony Endpoint integration
Hi Nicholas,
For the VeeamAntivirus.xml, an antivirus scanner that provides a command-line interface is required. https://helpcenter.veeam.com/docs/vbr/u ... ation-file
My research has shown that on Windows, Check Point Harmony Endpoint does not provide a command-line tool for initiating an antivirus scan. Scans can only be triggered via the GUI, Explorer context menu, or centrally from the Harmony Endpoint Management portal.
On Linux, a command-line utility called cpla exists (e.g. cpla am scan <path>). This could potentially be integrated, but there is no documentation about the return codes (ExitCode). Without defined values, it is unclear how to programmatically determine whether malware was detected. https://helpcenter.veeam.com/docs/vbr/u ... attributes
References
- Check Point Harmony Endpoint for Linux CLI Commands https://sc1.checkpoint.com/documents/R8 ... mmands.htm
- Check Point Community – Harmony Endpoint - scan a specific folder (Windows) https://community.checkpoint.com/t5/End ... d-p/199579
Am I correct in understanding that for two-way communication, you want the results of the Veeam scans (AV or YARA scan) to be visible in Harmony Endpoint Management? The question here is whether Check Point offers the option of accessing the Veeam REST API to query the scan results or to address the Incident API mentioned by Dima. Syslog may be considered, as it can also transmit the scan results. https://helpcenter.veeam.com/docs/backu ... 41600.html
Let me know if this helps.
Cheers,
Steve
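The post above notes that cpla has no documented exit codes, so a caller cannot tell "clean" from "infected". As an added example (not code from this thread, Veeam or Check Point), this POSIX shell wrapper ignores the scanner's undocumented exit status, derives fixed codes from its output, and fails closed when neither marker appears. The function name, the code values and both marker patterns are assumptions; the real cpla output format is not given on this page and has to be confirmed first.

```shell
#!/bin/sh
# Added example: give a scanner with undocumented exit codes a fixed,
# documented set of return codes. Source this file, then call for example:
#   scan_path /mnt/restore cpla am scan
# All names, codes and patterns below are assumptions, not vendor values.

SCAN_CLEAN=0      # scanner ran and printed the completion marker, no detection
SCAN_INFECTED=1   # at least one detection line was printed
SCAN_ERROR=2      # anything else: fail closed, never report "clean" by default

# Placeholder markers (constructed). Replace after inspecting real output.
DETECT_PATTERN=${DETECT_PATTERN:-'^THREAT:'}
CLEAN_PATTERN=${CLEAN_PATTERN:-'^SCAN COMPLETE'}

# scan_path <path> <scanner command and arguments...>
scan_path() {
    target=$1
    shift
    [ -r "$target" ] || return "$SCAN_ERROR"   # unreadable or missing path
    [ "$#" -gt 0 ] || return "$SCAN_ERROR"     # no scanner command given

    # Capture stdout and stderr. The raw status is logged but not trusted,
    # because its meaning is undocumented.
    output=$("$@" "$target" 2>&1) && raw_status=0 || raw_status=$?
    printf '%s\n' "$output" >&2
    printf 'scanner raw exit status: %s\n' "$raw_status" >&2

    # 126/127 mean the shell could not execute the scanner at all.
    case $raw_status in
        126|127) return "$SCAN_ERROR" ;;
    esac

    # A detection line wins over everything else.
    if printf '%s\n' "$output" | grep -Eq -- "$DETECT_PATTERN"; then
        return "$SCAN_INFECTED"
    fi
    # "Clean" requires positive evidence that the scan actually finished.
    if printf '%s\n' "$output" | grep -Eq -- "$CLEAN_PATTERN"; then
        return "$SCAN_CLEAN"
    fi
    return "$SCAN_ERROR"
}
```

The three fixed return values are what a caller would map to clean, infected and error states; a silent or crashed scanner lands in the error state rather than being counted as clean.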