Check Point

Overview

Configuring a cloud source in Scope is a two-step process.

  • Generating Check Point client credentials in the Check Point Portal. Please refer to Section 1 – Check Point Setup

  • Setting up the Check Point cloud source in the Scope application. Please refer to Section 2 – Scope Setup

Check Point Setup

To get started, you’ll need to generate the following client credentials in the Check Point Portal –

  1. Client ID
  2. API Key
  3. Expiration Date
  4. Base URL (Authentication URL)

Step 1: Create an Account API Key

  • In the Check Point Portal, go to Settings icon -> API Keys.

  • Click New -> New account API key.

  • In the Create a New API Key window, select a Service.

  • For some services, it is necessary to select the applicable Role.

  • In the Expiration field, select an expiration date and time for the API Key. It is recommended to set the expiration date three months from the present date. It is possible, but not recommended, to create an Account API Key without an expiration date.

  • (Optional) In the Description field, enter a description for the API Key.

  • Click Create.

  • The Check Point Portal generates a new API Key.

  • Copy the following values and keep them in a safe place:

    • Client ID – The identifier for your account and for the client service that uses this API key.
    • Secret Key – The password to get access to the Check Point Portal.
    • Authentication URL – Shows the URL address used to authenticate API requests. In addition, it shows the specific gateway that uses this URL to authenticate the Client ID and Secret Key.

    Note: You can always obtain the Client ID from the API Keys table, but you cannot retrieve the Secret Key or Authentication URL after the Create a New API Key window is closed.

  • Click Close.

The generated Client ID, API Key, Expiration Date, and Authentication URL (Base URL) are to be configured in Scope Setup: Step 1 for initiating the Check Point log ingestion.

Scope Setup

Step 1: Check Point Cloud Source Registration in the Scope Application

Once the credentials are generated, they must be configured in the Scope application to establish the connection and enable data ingestion from the Check Point environment.

In the Scope application, to register a Check Point cloud source, navigate to the cloud source registration page –

  • Log into the Scope application

  • Select the required Organization from the Organization dropdown

  • Navigate to the side menu -> Administration

  • Navigate to the Cloud sources tab

  • Click on the +Add Source button

  • In the Add Source pop-up, provide the parameters below.

    • Source: Select the Check Point source from the Source dropdown.

    • Site: The user defined name for the Check Point cloud source.

    • Base URL: The Authentication URL generated in Step 1 should be selected from the dropdown.

    • Client ID: The Client ID generated in Step 1.

    • Access Key: The API Key generated in Step 1.

    • Client Secret Expiry Date: The expiration date of the API Key set in Step 1.

    • Polling Interval: The polling interval for making periodic API calls to the Check Point cloud source. The user can select the time interval from the dropdown.

    • Contact Email: The email address of the person who registers the Check Point cloud source in Scope.

Once the required connection parameters are entered, the Check Point cloud source registration is complete in Scope and is ready for ingestion of Check Point logs.