To enable QRadar Risk Manager access to the Check Point SMS HTTPS adapter API, you must create a permission profile on the Check Point Multi-Domain Server that includes the "Run One Time Script" permission.
About this task
You can create a custom permission profile that includes this permission but is less permissive than the "Read Write All" or "Read Only All" profile.
Procedure
1. On the SMS Console with SmartDashboard, click .
2. Click Create New Profile.
3. On the Overview tab, select Customized.
4. On the Gateways tab, select One Time Script.
5. On the Access Control tab, select the following options:
   - Show Policy
   - Edit layers by the Software Blades – Leave the check boxes cleared.
   - NAT Policy – Set the permission to Read.
   - Access Control Objects and Settings – Set the permission to Read.
6. On the Threat Prevention tab, select Settings and set the permission to Read.
7. On the Others tab, select the following options:
   - Common Objects – Set the permission to Read.
   - Check Point Users Database – Set the permission to Read.
8. On the Monitoring and Logging tab, leave the check boxes cleared.
9. On the Management tab, select Management API Login.
   Important: Ensure that any options that are not listed in Steps 3 – 9 are not selected.
10. Click OK and assign your user to this new permission profile.
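
The following is an added example, not IBM or Check Point code: a small audit that compares a permission profile against the settings in Steps 3 – 9 and reports both missing permissions and anything granted beyond them. The nested-dictionary layout (tab, then option, then value) is an assumption made for this example and is not a Check Point export format; the sample profile and the option name "Monitoring" are constructed.

```python
# Expected state per tab, transcribed from steps 3-9 of the procedure.
# True = check box selected; "Read" = permission level. Any option that is
# absent from this map must be cleared, per the Important note in step 9.
EXPECTED = {
    "Overview": {"Customized": True},
    "Gateways": {"One Time Script": True},
    "Access Control": {
        "Show Policy": True,
        "NAT Policy": "Read",
        "Access Control Objects and Settings": "Read",
    },
    "Threat Prevention": {"Settings": "Read"},
    "Others": {"Common Objects": "Read", "Check Point Users Database": "Read"},
    "Management": {"Management API Login": True},
}


def audit_profile(profile):
    """Return sorted (tab, option, problem) findings; an empty list means the
    profile matches the procedure exactly."""
    findings = []
    # Pass 1: every setting the procedure requires must have the exact value.
    for tab, options in EXPECTED.items():
        for option, want in options.items():
            got = profile.get(tab, {}).get(option)
            if got != want:
                findings.append((tab, option, f"expected {want!r}, found {got!r}"))
    # Pass 2: anything else that is selected or granted is excess privilege.
    for tab, options in profile.items():
        for option, got in options.items():
            if option not in EXPECTED.get(tab, {}) and got:
                findings.append((tab, option, f"not in procedure, found {got!r}"))
    return sorted(findings)


# Constructed sample: a profile that drifted from the documented settings.
# "Monitoring" is a made-up option name used only for illustration.
DRIFTED = {
    "Overview": {"Customized": True},
    "Gateways": {"One Time Script": True},
    "Access Control": {"Show Policy": True, "NAT Policy": "Write",
                       "Access Control Objects and Settings": "Read"},
    "Threat Prevention": {"Settings": "Read"},
    "Others": {"Common Objects": "Read", "Check Point Users Database": "Read"},
    "Monitoring and Logging": {"Monitoring": True},
    "Management": {},
}

if __name__ == "__main__":
    for tab, option, problem in audit_profile(DRIFTED):
        print(f"{tab} / {option}: {problem}")
```

Transcribe the profile from the console into the same layout before running the audit; options recorded as cleared (False, None, or an empty list) are ignored.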