https://github.com/checkpointsw-community/cloudguard-cspm-snow-sync

https://github.com/checkpointsw-community/cloudguard-cspm-snow-sync

Last synced: about 1 year ago
JSON representation

• Host: GitHub
• URL: https://github.com/checkpointsw-community/cloudguard-cspm-snow-sync
• Owner: CheckPointSW-Community
• Created: 2022-07-25T18:12:38.000Z (almost 4 years ago)
• Default Branch: main
• Last Pushed: 2023-02-28T21:11:02.000Z (over 3 years ago)
• Last Synced: 2025-02-02T17:58:30.896Z (over 1 year ago)
• Language: Python
• Size: 21.5 KB
• Stars: 0
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
# CloudGuard-CSPM-SNOW-Sync

Python Scripts to interact with Check Point CSPM (Dome9) API to pull reported incidents and perform updates to ServiceNow Incidents.

The AckClosed.py script collects all acknowledged events in the last month and closes the related incident. This is not "Standard and accepted" logic as generally acknowledging an alert is to state that the event has been reviewed. However this is a way to demonstrate a logical methodology for closing an incident.

The orphansResolve.py script pulls all incidents from the Dome9 data table, pulls all findings related to a particular rule and filters for any SNOW alerts not having a matching finding/alert. Then if the alert is not in a state of 6 or 7 the incident is resolved with relevant comments and codes updated.

1. Run `pip install -r requirements.txt`

2. Set the variables in SetEnvVars.ps1 for a Widows Powershell Environment.

3. Run relevant script

Author: CB Currier 

Date: 8/3/2022

TAGS: CSPM CHKP DOME9 WORKAROUND CLOUDALLIANCE

Updated: 8/10/22