{"id":19873096,"url":"https://github.com/checkpointsw/changedpolicies","last_synced_at":"2025-06-17T03:33:01.014Z","repository":{"id":41332745,"uuid":"259386822","full_name":"CheckPointSW/ChangedPolicies","owner":"CheckPointSW","description":"Check Point ChangedPolicies tool allows the user to know which policies were affected by changes that were made in the last published session.","archived":false,"fork":false,"pushed_at":"2022-03-15T12:33:53.000Z","size":11,"stargazers_count":5,"open_issues_count":1,"forks_count":1,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-05-02T09:49:04.323Z","etag":null,"topics":["management-api"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/CheckPointSW.png","metadata":{"files":{"readme":"README.md","changelog":"ChangedPolicies.py","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-04-27T16:19:36.000Z","updated_at":"2023-02-03T00:57:58.000Z","dependencies_parsed_at":"2022-09-16T19:20:32.440Z","dependency_job_id":null,"html_url":"https://github.com/CheckPointSW/ChangedPolicies","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/CheckPointSW/ChangedPolicies","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CheckPointSW%2FChangedPolicies","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CheckPointSW%2FChangedPolicies/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CheckPointSW%2FChangedPolicies/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CheckPointSW%2FChangedPolicies/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/CheckPointSW","download_url":"https://codeload.github.com/CheckPointSW/ChangedPolicies/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CheckPointSW%2FChangedPolicies/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":260285700,"owners_count":22986443,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["management-api"],"created_at":"2024-11-12T16:17:46.549Z","updated_at":"2025-06-17T03:33:00.967Z","avatar_url":"https://github.com/CheckPointSW.png","language":"Python","readme":"# ChangedPolicies\nCheck Point ChangedPolicies tool allows the user to know which policies were affected by changes that were made in the last published session.\nThis is useful to determine which policies should be installed.\n\nYou can adjust the code according to your organization’s policy / needs.\n\n  - This tool can be executed on Management Server / Multi-Domain servers of version of R80.10 and up.\n\n## Instructions\nClone the repository with this command:\n```git\ngit clone https://github.com/CheckPointSW/ChangedPolicies\n``` \nor by clicking the _‘Download ZIP’_ button. \n\nDownload and install the [Check Point API Python SDK](https://github.com/CheckPointSW/cp_mgmt_api_python_sdk) \nrepository, follow the instructions in the SDK repository.\n\n## Usage Syntax\n```python ChangedPolicies.py [-c changes] [-u username] [-p password] [-m management] [-d domain] [-o output-file] [--port port]```\n\n• [-c --changes] (Optional): The \\'show-changes\\' API command output encoded in base 64. \nUse this flag for integration with Smart Task.\nFor more details follow the instructions below in the [\"Integration with Smart Task\"](#Integration with Smart Task) section\n\n• [-d --domain] (Optional): The name or uid of the Security Management Server domain.  \nWhen running the command on a Multi domain server the default domain is the \"MDS\".\n\n• [-o --output-file] (Optional): The output file name. The location in which to save the resulting .Json file.   \nThe default is the current directory with the name 'Changed_policies.json'. \n \n• [--port] (Optional): The port of WebAPI server on Security Management Server.  \nDefault value is 443.\n\nUse \"-h\" option in order to see the full list of options to configure the tool  \n\n## Examples\n*   Running the tool on a remote management server: \n\u003cbr\u003e```python ChangedPolicies.py  -m 172.23.78.160 -u James -p MySecretPassword!```\n\u003cbr\u003eThe tool runs on a remote management server with IP address 172.23.78.160.\n\n*   Running the tool on a Multi-Domain Server for a specific domain: \n\u003cbr\u003e```python ChangedPolicies.py  -d 172.23.78.152 -u James -p MySecretPassword!```\n\n*   Running the tool on a Security Management Server with specific output file name: \n\u003cbr\u003e```python ChangedPolicies.py  -o \"json_file.json\" -u James -p MySecretPassword!```\n\n\n## Output\nThe tool generates a Json file with the changed policies for the last published session. \nif you execute this tool multiple times it will update the file with the aggregated changes.\n \nExample of output:\n```Git\n\n{\n    \"Global\": {\n        \"4631ed09-6663-4d0c-95e0-95e26ef2a927\": [\n            \"Standard\"\n        ]\n    },\n    \"my_domain\": {\n        \"02d744e0-eb92-40d6-bb59-186c522b35c1\": [\n            \"policy package 1\",\n            \"Standard\"\n        ]\n    }\n}\n\n``` \n\n## Integration with Smart Task\nThis tool can be integrated with Smart Task which is supported from R80.40.\n\n### Instructions:\n* Install the Check Point API Python SDK, follow the instructions for\n [SDK usage from a management machine](https://github.com/CheckPointSW/cp_mgmt_api_python_sdk#sdk-usage-from-a-management-machine).\n* Copy the script 'ChangedPolicies.py' to your Management machine.\n* Execute the command `api fingerprint -f json | jq -r '.[0] | .[\"fingerprint-sha1\"]'` and save the output.\n* Create file named `fingerprints.txt` in `/var/tmp/`. The content should be a Json that the key is the machine IP \nand the value is the fingerprint (the output of the command above).\u003cbr\u003e\nFor example: \u003cbr\u003e\n     ```Git\n    {\n        \"172.23.78.160\": \"6713548716C586ECDBF1A6693CB440071F1C89E6\"\n    } \n    ``` \n* Create new script in Smart Console \u003ci\u003e'GATEWAYS \u0026 SERVERS' \u003e 'Scripts' \u003e 'Script Repository' \u003e 'new' \u003c/i\u003e \nand call it 'Changed policies'. \u003cbr\u003e\nThe content should contain the export command as in the SDK instruction above and the execution of the script \nusing the '-c' / '--changes' flag with '$1' as value.\u003cbr\u003e\nFor example: \n    ```Git\n    \n    export PYTHONPATH=$PYTHONPATH:/home/admin/cp_mgmt_api_python_sdk/\n    \n    python /var/tmp/ChangedPolicies.py -r true -c $1\n    \n    \n    ``` \n* Create new Smart Task in Smart Console:\n\u003cbr\u003e\u0026emsp;- Go to \u003ci\u003e'MANAGE \u0026 SETTINGS' \u003e 'Tasks' \u003e 'new'\u003c/i\u003e and call it 'Changed policies'.\n\u003cbr\u003e\u0026emsp;- Turn the task on.\n\u003cbr\u003e\u0026emsp;- Under 'Trigger and Action' choose 'After Publish' as trigger and 'Run Script' as the action \nand select the script 'Changed policies' from the repository.\n\u003cbr\u003e\u0026emsp;- Under 'Advanced' set the 'Time out' to be 300.\n* Publish the changes.\n\nFor more information about Smart Task go to [R80.40 Administration Guide](https://sc1.checkpoint.com/documents/R80.40/WebAdminGuides/EN/CP_R80.40_SecurityManagement_AdminGuide/Content/Topics-SECMG/SmartTasks.htm?Highlight=smarttask).\n\n## limitations\n\n* The script support only the changes of last published session.\n* The tool doesn't support changes in Threat and HTTPS layers.\n* The tool doesn't support shared layers.\n* In case of changes in Global domain in Multi Domain machine, \nthe script should be executed from the Global domain (use the flag `--domain Global`).  \n\n\n## Development Environment\nThe tool is developed using Python language version 2.7, version 3.7 and [Check Point API Python SDK](https://github.com/CheckPointSW/cp_mgmt_api_python_sdk).\n\n\n\n\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcheckpointsw%2Fchangedpolicies","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcheckpointsw%2Fchangedpolicies","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcheckpointsw%2Fchangedpolicies/lists"}