Integrate Check Point by using OPSEC

This section describes how to ensure that IBM® QRadar® accepts Check Point events using Open Platform for Security (OPSEC/LEA).

To integrate Check Point OPSEC/LEA with QRadar, you must create two Secure Internal Communication (SIC) files and enter the information in to QRadar as a Check Point log source.

Check Point configuration overview

To integrate Check Point with QRadar, you must complete the following procedures in sequence:

  1. Add QRadar as a host for Check Point.
  2. Add an OPSEC application to Check Point.
  3. Locate the Log Source Secure Internal Communications DN.
  4. In QRadar, configure the OPSEC LEA protocol.
  5. Verify the OPSEC/LEA communications configuration.