Issue importing Threat Prev Profile

[scottthomasborland]

I am aware of the issue already posted where a shared Threat Prevention Layer fails to import. I attempted to get around it by creating an unshared Threat Prevention Layer with the same profiles. When exporting, the Threat Profiles seem to export successfully, but getting the below error messages when trying to import. ("threat_profile_name" substituted)

Failed to import threat-profile with name [threat_profile_name]. Error: message: Invalid parameter for [overrides]. Invalid value code: generic_err_invalid_parameter

Failed to import threat-rule. Error: message: Requested object [threat_profile_name] not found code: generic_err_object_not_found

I'm not very Python/CPapi savvy or I might be able to correct this from the source code.

[chkp-royl]

Hi @scottthomasborland, Thanks for reporting on that issue. In order to investigate it please do the following:

1. Reproduce the issue
2. Connect to MGMT via SSH and execute api status -s
3. Send the output (.tgz file) + tool logs to [email protected]

As a workaround, I suggest to delete 'overrides' field when try to import threat-profile and handle it manually. In addition, as it is an open source, we encourage you to contribute and suggest code fixes/improvements in the future.

Regards, Roy

[reagles01]

Hello,

first of all, thanks a lot for this tool i find it very usefull, right now I am having the same issue, and I am not an expert in python so when you said "delete 'overrides' " where exactly do you suggest to do it?

Regards

Reagles01

[chkp-royl]

You have 2 options:

1. On import object section add code that delete 'overrides' from the payload if object type is threat-profile. Look for 'add_object' function, for example here.
2. Manually edit the export file, open tar.gz file, look for all the files of 'threat-profile.csv' and remove all appearance of that field.

Roy