Create a Check Point custom permission profile for a multi-domain server

To enable QRadar Risk Manager access to the Check Point SMS HTTPS adapter API, you must create a permission profile on the Check Point Multi-Domain Server that includes the "Run One Time Script" permission.

About this task

You can create a custom permission profile that includes this permission but is less permissive than the "Read Write All" or "Read Only All" profile.

Procedure

  1. On the MDS Console with SmartDashboard, click Manage & Settings > Permissions & Administrators > Permission Profiles.
  2. Click New Domain Permissions Profile.
  3. On the Overview tab, select Customized.
  4. On the Gateways tab, select One Time Script.
  5. On the Access Control tab, select the following options:
    • Show Policy
    • Edit layers by the Software Blades – Leave the check boxes cleared.
    • NAT Policy – Set the permission to Read.
    • Access Control Objects and Settings – Set the permission to Read.
  6. On the Threat Prevention tab, select Settings and set the permission to Read.
  7. On the Others tab, select the following options:
    • Common Objects – Set the permission to Read.
    • Check Point Users Database – Set the permission to Read.
  8. On the Monitoring and Logging tab, leave the check boxes cleared.
    Important: Ensure that any options that are not listed in Steps 3 – 8 are not selected.
  9. Click OK to finish the Domain Permissions Profile and return to the Permission Profiles page.
  10. Click New Multi-Domain Permissions Profile.
  11. Under Multi-Domain Levels, select Domain Level Only.
  12. Under Multi-Domain Management, select Management API Login.
  13. Under Global Management, select View global objects in domain.
  14. Under Domain Management, select Default profile for all Domains, and select the Domain Permissions Profile that you created in Steps 2 – 9.
  15. Click OK and assign your user to this new permission profile.