Configure the Configuration Monitor in IBM
QRadar Risk Manager to
connect to the Check Point SMS. Add the OPSEC Application details from the SmartDashboard, and
request a security certificate from Check Point.
Procedure
-
Log in to QRadar as an
administrator.
-
Click the Risks tab.
-
From the navigation menu, click and then click
Add.
- In the Credential Sets pane, click
Add.
- In the Credential Set Editor window, in the
Name field, type a name for your credential.
- From the DN field in your Check Point SmartDashboard, copy and
paste the OPSEC Entity SIC Name into the OPSEC Entity SIC Name
field.
- Replace the CN= property value in the OPSEC Entity SIC Name field
with: cp_mgmt_hostname where <hostname> is the
Host name that is used for the OPSEC application Host
field.
The following examples show an OPSEC Application DN and OPSEC Application Host, which is used to
create the Entity SIC Name:
Tip: Use text from the OPSEC Application DN and the OPSEC Application Host to form the
Entity SIC Name:
The Entity SIC Name is
CN=cp_mgmt_Srvxxx-SMS,O=svxxx-CPSMS..bsaobx
The Entity SIC
Name in this configuration is based on a Gateway to Management Server setup. If your SMS
IP address is not used as a gateway, use the Management Server configuration from the
table:
Table 1. Entity SIC Name formats
Type |
Name |
Management Server |
CN=cp_mgmt,O=<take_O_value_from_DN_field> |
Gateway to Management Server |
CN=cp_mgmt_<gateway_hostname>,O=<take_O_value
from_DN_field> |
- From the DN field in your Check Point SmartDashboard, copy and
paste the OPSEC Application Object SIC Name into the OPSEC Application Object SIC
Name field.
- To configure the OPSEC SSL Certificate, click Get
Certificate.
-
In the Pull OPSEC Certificate window, enter the SMS IP address in the
Certificate Authority IP field.
- From the DN field in your Check Point SmartDashboard, copy and
paste the OPSEC Application Object SIC Name into the OPSEC Application Object SIC
Name field.
-
Enter the one-time password in the Pull Certificate Password
field.
The one-time password is taken from the Communication window in the
OPSEC Application Properties of the SmartDashboard, where you selected the
CPMI checkbox for the client entity.
-
Click OK.
If successful, the OPSEC SSL Certificate field is populated and
disabled.
- Click OK.
- In the Credential Configuration pane, click
Save.
- In the Communication pane of the OPSEC Application
Properties window, verify that the Trust State property changes to
Trust established.
The credentials are
configured.
-
On the navigation menu, click Device Discovery.
- From the Discovery List, select your device and click
Run.
What to do next
Initialize rule counting for Check Point. For more information, see Initializing rule counting for Check Point.