Configuring OPSEC applications in the SmartDashboard

Create and configure two OPSEC applications in your Check Point Smart Dashboard to facilitate transferring log files between Check Point and IBM QRadar.

About this task

Create two Open Platform for Security (OPSEC) applications. One needs a client entity property of Check Point Management Interface (CPMI) for QRadar Risk Manager. The other needs a client entity property of Log Export API (LEA) for the QRadar Risk Manager log source.

Procedure

  1. From the Manage menu on the toolbar, click Servers and OPSEC Applications.
  2. Click New > OPSEC Application.
  3. In the Name field, type a name for the application.
  4. From the Host list, select a host, or click New to add a host.
  5. Under Client Entities, select the CPMI checkbox .
    Important: This option is required for QRadar Risk Manager Configuration Monitor.
  6. Click Communication.
  7. In the One-time password field, type a password and then confirm it.
    Important: Make note of the password, as it is used several times during setup, and you need to reuse it so that QRadar can use a security certificate from Check Point.
  8. Click Initalize.

    The Trust state changes to Initialized but trust not established.

  9. Click Close.
  10. To populate the DN field in the Secure Internal Communication section, click OK.
  11. To view the populated DN field, select your OPSEC Application, and click Edit.

    The DN field is now populated. Make note of this information to use it for the Application Object SIC Attribute (SIC Name) and the SIC Attribute (SIC Name) when you set up the log source and Configuration Monitor in QRadar.

  12. Create the second OPSEC application to use with the log source.

    Follow steps 1-11 for creating the first OPSEC Application, with two exceptions:

    • For the Name field in step 3, use a different name from the first OPSEC application.
    • For Client Entities in step 5, select the LEA checkbox.

    Make sure that the Trust state displays Initialized but trust not established.

    Tip: Use the same one-time password for this OPSEC application to avoid any confusion with passwords.
  13. In SmartDashboard, close all windows until you get back to the main SmartDashboard window.
  14. From the Policy menu on the toolbar, click Install.
  15. Click Install on all selected gateways if it fails do not install on gateways of the same version.

What to do next

Configuring the Check Point log source