About SIQL

Security Intelligence Query Language (SIQL) is a domain-specific query language designed to query the configurations, changes, audit checks, and usage analysis stored by Security Manager, Policy Planner, and Policy Optimizer. "Domain-specific" means SIQL knows about devices, policies, and rules, as well as their properties (such as a device's name and vendor, or a rule's source, source IP address, service protocol, service port, zones, and comments).

SIQL is accessible as a set of REST services. The services accept a SIQL query string and return a JSON response.

You can use SIQL to answer questions like:

  • Which policies on devices in group "ABC" do not have a global drop rule?
  • Which rules were created after July 16 and do not have a Comment that includes the text "CCN"?
  • Which of my Check Point devices has more than five rules that fail my "Find Rules with Any" audit check?