Integrate Check Point by using OPSEC
This section describes how to ensure that IBM QRadar accepts Check Point events using Open Platform for Security (OPSEC/LEA).
To integrate Check Point OPSEC/LEA with QRadar, you must create two Secure Internal Communication (SIC) files and enter the information in to QRadar as a Check Point log source.
Check Point configuration overview
To integrate Check Point with QRadar, you must complete the following procedures in sequence:
- Add QRadar as a host for Check Point.
- Add an OPSEC application to Check Point.
- Locate the Log Source Secure Internal Communications DN.
- In QRadar, configure the OPSEC LEA protocol.
- Verify the OPSEC/LEA communications configuration.