AlienVault® USM Anywhere™

Configuring the AlienApp for Check Point

Role Availability Read-Only Analyst Manager

AlienApp for Check Point Requirements

Before you begin configuration, you must have the following information from your Check Point instance:

  • IP address or hostname
  • Port
  • Username and password
  • Optional: Certificate Authority (CA) Certificate

Check Point Configurations

The Check Point API must be configured to start automatically so that USM Anywhere can communicate with it. You should also allow API calls from all IP addresses, and you need a user account with read and write permissions.

To set up your Check Point API

  1. Log in to the Check Point SmartConsole.
  2. Go to Manage & Settings > Blades > Management API and click the Advanced Settings button.
  3. Under Startup Settings, select the Automatic Start checkbox.
  4. Under Access Settings, select All IP addresses.

  5. Click OK.

To make sure your account has read and write permissions

  1. Log in to the Check Point SmartConsole.
  2. Go to Manage & Settings > Permissions and Administrators.
  3. Double-click your account.
  4. Under Permissions, click the Permissions Profile box and select Read Write All.
  5. Click OK.

To enable the AlienApp for Check Point

  1. In USM Anywhere, go to Data Sources > Integrations.
  2. Click the AlienApps tab.

  3. Click the Check Point tile.

  4. Click the Settings tab.
  5. Enter the following items:

    • IP address or hostname
    • Port
    • Username
    • Password
  6. Optionally, select Validate HTTPS host name and Require CA certificate, and enter the CA certificate if you want to use this option.

    Note: If you want to deploy into your network and use a self-signed CA certificate, you need to upload it here. The certificate can be found at /web/conf/server.crt.

  7. Click Save.
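
A pre-flight check for the values entered in steps 5 and 6, as an added example that is not AlienVault or Check Point code: it logs in to the Check Point API and immediately logs out, applying the same host name and CA certificate validation choices. It assumes the Management API's `web_api/login` and `web_api/logout` commands and the `X-chkp-sid` session header; the function names and command-line usage are illustrative.

```python
import getpass
import json
import ssl
import sys
import urllib.error
import urllib.request


def build_tls_context(ca_file=None, validate_hostname=True):
    """Mirror the two optional checkboxes. With ca_file set, only that CA is
    trusted; certificate verification itself is always required."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.check_hostname = validate_hostname
    return ctx


def build_request(host, port, command, payload, sid=None):
    """Build a POST to https://host:port/web_api/<command>."""
    headers = {"Content-Type": "application/json"}
    if sid:
        headers["X-chkp-sid"] = sid  # session token returned by login
    url = f"https://{host}:{port}/web_api/{command}"
    return urllib.request.Request(url, data=json.dumps(payload).encode(),
                                  headers=headers, method="POST")


def preflight(host, port, user, password, ca_file=None, validate_hostname=True):
    """Log in and straight back out. Returns (ok, detail)."""
    ctx = build_tls_context(ca_file, validate_hostname)
    try:
        login = build_request(host, port, "login", {"user": user, "password": password})
        with urllib.request.urlopen(login, context=ctx, timeout=10) as resp:
            sid = json.load(resp)["sid"]
        logout = build_request(host, port, "logout", {}, sid)
        urllib.request.urlopen(logout, context=ctx, timeout=10).close()
        return True, "login and logout succeeded"
    except urllib.error.HTTPError as exc:  # reached the API, request refused
        return False, f"API returned HTTP {exc.code}"
    except urllib.error.URLError as exc:
        if isinstance(exc.reason, ssl.SSLCertVerificationError):
            return False, f"certificate validation failed: {exc.reason.verify_message}"
        return False, f"connection failed: {exc.reason}"
    except (OSError, KeyError, ValueError) as exc:
        return False, f"unexpected failure: {exc!r}"


if __name__ == "__main__":  # usage: preflight.py HOST PORT USER [CA_FILE]
    host, port, user, *ca = sys.argv[1:]
    ok, detail = preflight(host, port, user, getpass.getpass(), ca[0] if ca else None)
    print("OK" if ok else "FAILED", "-", detail)
    sys.exit(0 if ok else 1)
```

A certificate validation failure here means the same CA file or host name would also be rejected once the corresponding checkboxes are selected in the Settings tab.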

Forward Check Point Syslog Messages to USM Anywhere

To fully integrate USM Anywhere with the AlienApp for Check Point, you need to configure syslog forwarding in the Check Point device or management server to send the events to your sensor, and then assign the CheckPoint FW1 plugin to the asset(s) representing the Check Point device or management server.

See the Check Point Log Exporter guide and follow the steps outlined in the Basic Deployment section to configure syslog forwarding.

Assign Check Point to your assets

Because the CheckPoint FW1 plugin does not support automatic asset discovery, you must manually assign the CheckPoint FW1 plugin to the asset(s) representing the Check Point device or management server’s IP address in USM Anywhere. If the CheckPoint FW1 plugin isn't assigned to any assets, the Check Point events will be handled by the AlienVault Generic Plugin, which will result in some of the data from the log not being properly parsed or associated with the plugin.

See Manual Integration Management for instructions on how to assign the AlienApp for Check Point to your assets.