Establishing secure communication between Check Point and IBM QRadar

Configure the Configuration Monitor in IBM QRadar Risk Manager to connect to the Check Point SMS. Add the OPSEC Application details from the SmartDashboard, and request a security certificate from Check Point.

Before you begin

Configure OPSEC applications in the Check Point SmartDashboard and configure the Check Point log source. For more information, see Configuring OPSEC applications in the SmartDashboard and Configuring the Check Point log source. You must have the OPSEC Entity SIC Name from the DN field in your Check Point SmartDashboard to connect to the Check Point SMS.

Procedure

  1. Log in to QRadar as an administrator.
  2. Click the Risks tab.
  3. From the navigation menu, click Configuration Monitor > Credentials and then click Add.
  4. In the Credential Sets pane, click Add.
  5. In the Credential Set Editor window, in the Name field, type a name for your credential.
  6. From the DN field in your Check Point SmartDashboard, copy and paste the OPSEC Entity SIC Name into the OPSEC Entity SIC Name field.
  7. Replace the CN= property value in the OPSEC Entity SIC Name field with cp_mgmt_<hostname>, where <hostname> is the host name that is used for the OPSEC application Host field.

    The following examples show an OPSEC Application DN and OPSEC Application Host, which are used to create the Entity SIC Name:

    • OPSEC Application DN: CN=cpsmsxxx,O=svxxx-CPSMS..bsaobx

    • OPSEC Application Host: Srvxxx-SMS

    Tip: Use text from the OPSEC Application DN and the OPSEC Application Host to form the Entity SIC Name:

    The Entity SIC Name is CN=cp_mgmt_Srvxxx-SMS,O=svxxx-CPSMS..bsaobx

    The Entity SIC Name in this configuration is based on a Gateway to Management Server setup. If your SMS IP address is not used as a gateway, use the Management Server configuration from the table:

    Table 1. Entity SIC Name formats

    Type                          Name
    Management Server             CN=cp_mgmt,O=<take_O_value_from_DN_field>
    Gateway to Management Server  CN=cp_mgmt_<gateway_hostname>,O=<take_O_value_from_DN_field>
  8. From the DN field in your Check Point SmartDashboard, copy and paste the OPSEC Application Object SIC Name into the OPSEC Application Object SIC Name field.
  9. To configure the OPSEC SSL Certificate, click Get Certificate.
  10. In the Pull OPSEC Certificate window, enter the SMS IP address in the Certificate Authority IP field.
  11. From the DN field in your Check Point SmartDashboard, copy and paste the OPSEC Application Object SIC Name into the OPSEC Application Object SIC Name field.
  12. Enter the one-time password in the Pull Certificate Password field.
    The one-time password is taken from the Communication window in the OPSEC Application Properties of the SmartDashboard, where you selected the CPMI checkbox for the client entity.
  13. Click OK.

    If successful, the OPSEC SSL Certificate field is populated and disabled.

  14. Click OK.
  15. In the Credential Configuration pane, click Save.
  16. In the Communication pane of the OPSEC Application Properties window, verify that the Trust State property changes to Trust established.
    The credentials are configured.
  17. On the navigation menu, click Device Discovery.
  18. From the Discovery List, select your device and click Run.
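
The Entity SIC Name derivation from step 7 and Table 1, as an added example that is not part of the IBM or Check Point documentation: it parses the OPSEC Application DN, keeps its O= value, and emits either format from the table. The function names are hypothetical, and the code assumes a simple CN=...,O=... DN with no escaped commas.

```python
import re

# One "KEY=value" component of the DN as copied from the SmartDashboard DN field.
_RDN = re.compile(r"^\s*([A-Za-z]+)\s*=\s*(.+?)\s*$")


def parse_dn(dn):
    """Split a DN such as 'CN=app,O=org..id' into a list of (KEY, value) pairs."""
    parts = []
    for component in dn.split(","):  # assumption: no escaped commas in the DN
        m = _RDN.match(component)
        if not m:
            raise ValueError(f"malformed DN component: {component!r}")
        parts.append((m.group(1).upper(), m.group(2)))
    return parts


def entity_sic_name(app_dn, gateway_host=None):
    """Build the Entity SIC Name from the OPSEC Application DN (Table 1).

    gateway_host=None -> Management Server: CN=cp_mgmt,O=<O from DN>
    gateway_host set  -> Gateway to Management Server:
                         CN=cp_mgmt_<gateway_hostname>,O=<O from DN>
    """
    attrs = dict(parse_dn(app_dn))
    if "CN" not in attrs or "O" not in attrs:
        raise ValueError("DN must contain both CN= and O= components")
    cn = "cp_mgmt"
    if gateway_host is not None:
        host = gateway_host.strip()
        # A host containing ',', '=' or whitespace would corrupt the resulting DN.
        if not host or re.search(r"[,=\s]", host):
            raise ValueError(f"invalid host name: {gateway_host!r}")
        cn = f"cp_mgmt_{host}"
    # The O= value is carried over unchanged; only the CN= value is replaced.
    return f"CN={cn},O={attrs['O']}"


if __name__ == "__main__":
    # Values taken from the example in step 7 of this page.
    dn = "CN=cpsmsxxx,O=svxxx-CPSMS..bsaobx"
    print(entity_sic_name(dn, "Srvxxx-SMS"))  # Gateway to Management Server
    print(entity_sic_name(dn))                # Management Server
```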

What to do next

Initialize rule counting for Check Point. For more information, see Initializing rule counting for Check Point.