Check Point Firewall
This pack includes Cortex XSIAM content.
Check Point Firewall
- Details
- Content
- Dependencies
- Version History
Manage Check Point firewall via API
Check Point Firewall
This pack includes Cortex XSIAM content.
Configuration on Server Side
You need to configure Check Point to forward Syslog messages in CEF format.
Go to Checkpoint Log Export, and follow the instructions under Basic Deployment to set up the connection using the following guidelines:
- If you use version R77.30 or R80.10, follow the instructions to install a Log Exporter.
- Set the Syslog port to 514 or your agent port.
- Replace the name and <target-server IP address\> in the CLI with the broker VM name and IP address.
Set the format to CEF.
Collect Events from Vendor
In order to use the collector, use the Broker VM option.
Broker VM
To create or configure the Broker VM, use the information described here.
You can configure the specific vendor and product for this instance.
- Navigate to Settings > Configuration > Data Broker > Broker VMs.
- Right-click, and select Syslog Collector > Configure.
- When configuring the Syslog Collector, set the following values:
- vendor as vendor - Checkpoint
- product as product - Firewall
Automations
| Name | Description |
|---|---|
| CheckPointDownloadBackup | Deprecated. Use ssh command instead. Downloads the Check Point policy backup to the Cortex XSOAR War Room. |
| CheckpointFWCreateBackup | Deprecated. Use ssh command instead. Connect to a Check Point firewall appliance using SSH and trigger a task to create a configuration backup of the device. The user account being used to access the device must be set to use the SSH shell and not the built-in Check Point CLI. For more information, consult the CheckPoint documentation. |
| CheckpointFWBackupStatus | Deprecated. Use ssh command instead. Connect to a CheckPoint firewall appliance using SSH and retrieve the status for backup tasks. The user account being used to access the device must be set to use the SSH shell and not the built-in CheckPoint CLI. For more information, consult the CheckPoint documentation. |
Integrations
| Name | Description |
|---|---|
| CheckPoint Firewall v2 | Use this integration to read information and send commands to the Check Point Firewall server. |
| Check Point Firewall (Deprecated) | Deprecated. Use the Check Point Firewall v2 integration instead. Manage Check Point firewall via API |
Playbooks
| Name | Description |
|---|---|
| Checkpoint - Block URL | This playbook blocks URLs using Check Point Firewall through Custom URL Categories. |
| Checkpoint - Block IP - Custom Block Rule | This playbook blocks IP addresses using Custom Block Rules in Check Point Firewall. |
| Checkpoint - Block IP - Append Group | The playbook receives malicious IP addresses as inputs, checks if the object group exists (if not, the object group is created), and appends the related IPs to that object. If you have not assigned the appended group to a rule in your firewall policy, you can use |
| Checkpoint - Publish&Install configuration | Publish the Check Point Firewall configuration and install policy on all available gateways. |
Automations
| Name | Description |
|---|---|
| CheckPointDownloadBackup | Deprecated. Use ssh command instead. Downloads the Check Point policy backup to the Cortex XSIAM War Room. |
| CheckpointFWCreateBackup | Deprecated. Use ssh command instead. Connect to a Check Point firewall appliance using SSH and trigger a task to create a configuration backup of the device. The user account being used to access the device must be set to use the SSH shell and not the built-in Check Point CLI. For more information, consult the CheckPoint documentation. |
| CheckpointFWBackupStatus | Deprecated. Use ssh command instead. Connect to a CheckPoint firewall appliance using SSH and retrieve the status for backup tasks. The user account being used to access the device must be set to use the SSH shell and not the built-in CheckPoint CLI. For more information, consult the CheckPoint documentation. |
Integrations
| Name | Description |
|---|---|
| CheckPoint Firewall v2 | Use this integration to read information and send commands to the Check Point Firewall server. |
| Check Point Firewall (Deprecated) | Deprecated. Use the Check Point Firewall v2 integration instead. Manage Check Point firewall via API |
Modeling Rules
| Name | Description |
|---|---|
CheckPoint Firewall Collection |
Playbooks
| Name | Description |
|---|---|
| Checkpoint - Publish&Install configuration | Publish the Check Point Firewall configuration and install policy on all available gateways. |
| Checkpoint - Block IP - Custom Block Rule | This playbook blocks IP addresses using Custom Block Rules in Check Point Firewall. |
| Checkpoint - Block URL | This playbook blocks URLs using Check Point Firewall through Custom URL Categories. |
| Checkpoint - Block IP - Append Group | The playbook receives malicious IP addresses as inputs, checks if the object group exists (if not, the object group is created), and appends the related IPs to that object. If you have not assigned the appended group to a rule in your firewall policy, you can use |
Required Content Packs (4)
| Pack Name | Pack By |
|---|---|
| Base | By: Cortex XSOAR |
| Common Playbooks | By: Cortex XSOAR |
| Common Scripts | By: Cortex XSOAR |
| Remote Access | By: Cortex XSOAR |
Optional Content Packs (0)
| Pack Name | Pack By |
|---|
All level dependencies (7)
| Pack Name | Pack By |
|---|---|
| Common Scripts | By: Cortex XSOAR |
| Rasterize | By: Cortex XSOAR |
| Base | By: Cortex XSOAR |
| Filters And Transformers | By: Cortex XSOAR |
| Cortex REST API | By: Cortex XSOAR |
| Remote Access | By: Cortex XSOAR |
| Common Playbooks | By: Cortex XSOAR |
2.3.0 - 3472136 (August 16, 2022)
- 20359
- 20358
Download
Integrations
CheckPoint Firewall v2
** CheckPoint Firewall v2**
Added 5 commands that handle threat protections and threat profiles:
- checkpoint-set-threat-protection
- checkpoint-delete-threat-protections
- checkpoint-add-threat-profile
- checkpoint-show-threat-protections
- checkpoint-show-threat-protection
- Updated the Docker image to: demisto/python3:3.10.5.31928.
- 20359
- 20358
Download
2.2.1 - 2941201 (May 18, 2022)
Scripts
CheckpointFWBackupStatus
- Updated the Docker image to: demisto/python:2.7.18.27799.
CheckpointFWCreateBackup
- Updated the Docker image to: demisto/python:2.7.18.27799.
PUBLISHER
PLATFORMS
Cortex XSOARCortex XSIAM
INFO
| Certification | Certified | Read more |
| Supported By | Cortex | |
| Created | September 23, 2020 | |
| Last Release | November 18, 2024 |
WORKS WITH THE FOLLOWING INTEGRATIONS:
