Creating an OPSEC Application Object

After you add IBM QRadar as a host in Check Point SmartCenter, you can create the OPSEC Application Object.

Procedure

  1. Open the Check Point SmartConsole user interface.
  2. Select Objects > More Object Types > Server > OPSEC Application > New Application.
  3. Configure your OPSEC Application:
    1. Configure the following OPSEC Application Properties parameters.
      Table 1. OPSEC Application Properties
      Parameter        Value
      ---------------  ----------------------------------------------------------------------
      Name             Specify a name for the OPSEC application. For example, QRadar-OPSEC.
      Host             QRadar
      Client Entities  LEA
    2. Click Communication.
    3. In the One-time password field, type the password that you want to use.
    4. In the Confirm one-time password field, type the password that you used for One-time password.
    5. Click Initialize.
    6. Click Close.
  4. Select Menu > Install Policy.
  5. Click Publish & Install.
  6. Click Install.
  7. Select Menu > Install Database.
  8. Click Install.
    Note: The SIC value is required for the OPSEC Application Object SIC attribute parameter when you configure the Check Point log source in QRadar. You can find the value by viewing the OPSEC Application Object after it is created.
    The SIC value of the OPSEC Application Object resembles the following example:
    CN=QRadar-OPSEC,O=cpmodule..tdfaaz

Results

If you have issues after you install the database policy, contact your system administrator to restart Check Point services on the central SmartCenter server that hosts the policy files. After services restart, the updated policies are pushed to all Check Point appliances.