Collection of CheckMK checks (see https://checkmk.com/). All checks and plugins are provided as is. Absolutely no warranty. Send any comments to thl-cmk[at]outlook[dot]com

Skip to content
README.md 2.03 KiB
Newer Older
thl-cmk's avatar
thl-cmk committed
# Threat Emulation
thl-cmk's avatar
thl-cmk committed

Monitors status of Check Point Threat Emulation

thl-cmk's avatar
thl-cmk committed
---
### Check Info
thl-cmk's avatar
thl-cmk committed

* *service*: this check creates one service on the TE enbaled Check Point gateway
thl-cmk's avatar
thl-cmk committed

thl-cmk's avatar
thl-cmk committed
* *state*:\
thl-cmk's avatar
thl-cmk committed

thl-cmk's avatar
thl-cmk committed
  **critical**
  *  if monthly quota on cloud used greater then crit
  *  if remaining quota on cloud less then crit
  *  if current files waiting for emulation greater then crit

  **warning**
  *  if teUpdateStatus is not 'up-to-date'
  *  if teStatusCode is not '0'
  *  if teSubscriptionStatus is not 'valid'
  *  if teCloudSubscriptionStatus if not 'ok'
  *  if monthly quota on cloud used greater then warn
  *  if remaining quota on cloud less then warn
  *  if current files waiting for emulation greater then warn
  
* *wato*: you can configure warn/crit levels for
    * monthly quota on cloud used
    * remaining quota on cloud
    * current files waiting for emulation
thl-cmk's avatar
thl-cmk committed

thl-cmk's avatar
thl-cmk committed
* *perfdata*: 
    * average emulated file size (bytes)
    * average process time (s)
    * average queue size (count)
    * files scanned by threat cloud  (count)
    * files waiting for emulation (count)
    * malicious files detected (count)
    * malicious files detected by threat cloud (count)
    * monthly quota on cloud used (%)
    * peak queue size (count)
    * remaining quota on cloud (count)
    * scanned files (count)

Testetd with: R80.10

thl-cmk's avatar
thl-cmk committed
---
### Download

* [checkpoint_threat_emulation.mkp (latest version)](https://thl-cmk.hopto.org/gitlab/checkmk/check-point/gateway/checkpoint_threat_emulation/-/raw/master/checkpoint_threat_emulation.mkp "Download latest version")

---                   
### Installation

You can install the package by uploading it to your CheckMK site and as site user run `mkp install checkpoint_threat_emulation.mkp`.


In the Enterprise/Free edition of CheckMK you can use the GUI to install the package (_Setup_ -> _Extension Packages_ -> _Upload package_)

---
### Want to contribute?

Nice ;-) Have a look at the [contribution guidelines](CONTRIBUTING.md "Contributing")

---
### Sample output
thl-cmk's avatar
thl-cmk committed

![sample output](/doc/sample.png?raw=true "sample [SHORT TITLE]")