Check Point for Microsoft Sentinel solutions

Solution: Check Point



Publisher: Check Point
Support Tier: Partner
Support Link: https://www.checkpoint.com/support-services/contact-support/
Categories: domains
Version: 2.0.2
Author: Microsoft - support@microsoft.com
First Published: 2021-08-13
Solution Folder: Check Point
Marketplace: Azure Marketplace · Popularity: 🟡 Low (41%)

The Check Point solution for Microsoft Sentinel enables you to ingest Check Point firewall logs into Microsoft Sentinel.

Underlying Microsoft Technologies used:

This solution depends on the following technologies; some of these dependencies may be in Preview state or may result in additional ingestion or operational costs:

a. Agent-based log collection (CEF over Syslog)

Additional Information

📖 Vendor Documentation: Check Point Log Fields Description - Log field definitions and descriptions

Contents

Data Connectors

This solution does not include data connectors.

This solution may contain other components such as analytics rules, workbooks, hunting queries, or playbooks.

Tables Used

This solution queries 1 table(s) from its content items:

Table: CommonSecurityLog · Used by content: Workbooks

Content Items

This solution includes 2 content item(s):

Workbooks: 1
Playbooks: 1

Workbooks

CheckPoint · Tables used: CommonSecurityLog

Playbooks

checkpoint-add-host-to-group · This playbook creates Check Point objects and adds them to a block group. · Tables used: -

Additional Documentation

📄 Source: Check Point/README.md

Check Point Software Technologies Logic Apps Connector and Sentinel Playbook templates

Table of Contents

  1. Overview
  2. Deploy Connector and Playbook templates
  3. Deployment instructions
  4. Test the playbook
  5. Security Recommendations


Overview

The Check Point Logic App Connector and Playbooks allow you to automate security operations across all managed Check Point devices. The connector enables you to run Logic App playbooks that use the Check Point Management API to automate the most common security operations tasks.

For more information see:

Check Point Management API
Logic App Overview


Deploy Connector and Playbook templates

This package includes:

  1. Custom Connector, which is based on Check Point Management API v1.6
  2. Playbook that creates IP objects and adds them to a group
  3. FunctionApp Proxy

You can deploy the Custom Connector, FunctionApp Proxy, and Playbook all together, or separately from their specific folders.


Deployment instructions

  1. Create an API key in the Check Point management console

  2. Launch the template

[Content truncated...]
