Has anyone successfully used the CrowdSec blocklist integration with a Check Point firewall IOC feed? Checkpoint | CrowdSec
The documentation is pretty straight forward but it fails to pull the IOC feed. When putting the feed URL into a browser, I get an error “{“message”:“Unauthorized”}”.
https://<username>:<password>@admin.api.crowdsec.net/v1/integrations/<integration_id>/content
It doesn’t matter whether I use the Check Point integration or Raw IP list because I receive the same error. The Feed URL picture in the documentation also does not match the format listed.
There might be an issue with your firewall, as some versions of checkpoint fail to do basic authentication correctly and is a known bug that they patched in later versions of the firewall.
if you currently have a supported firewall check for patches or updates that can be applied.
edit: if you get unauthorized via browser then it could be that the username or password are incorrect try regenerating it via the console interface to eliminate copy and paste errors.
Still getting unauthorized via browser. I’ve regenerated username and password several times. I should also note that I am subscribed to a blocklist so that shouldn’t be an issue. I’m thinking that once I can verify the URL works in a browser, I can troubleshoot Check Point if needed. Thanks!
As a follow-up, can anyone verify they can successfully view a integration/blocklist using a web browser?
i.e. https://<username>:<password>@admin.api.crowdsec.net/v1/integrations/<integration_id>/content
or
curl -u ‘username:password’ https://admin.api.crowdsec.net/v1/integrations/${content_id}/content
I’ve tested this multiple times over different (public) networks and continue to receive a 401 error {“message”:“Unauthorized”}. I’ve also regenerated my credentials several times.