diff --git a/docs/assets/instructions/checkpoint/checkpoint_api_key_form.png b/docs/assets/instructions/checkpoint/checkpoint_api_key_form.png new file mode 100644 index 0000000000..ed59bbc35a Binary files /dev/null and b/docs/assets/instructions/checkpoint/checkpoint_api_key_form.png differ diff --git a/docs/assets/instructions/checkpoint/checkpoint_global_settings.png b/docs/assets/instructions/checkpoint/checkpoint_global_settings.png new file mode 100644 index 0000000000..ccfe936d89 Binary files /dev/null and b/docs/assets/instructions/checkpoint/checkpoint_global_settings.png differ diff --git a/docs/assets/instructions/checkpoint/checkpoint_new_key.png b/docs/assets/instructions/checkpoint/checkpoint_new_key.png new file mode 100644 index 0000000000..e119cba071 Binary files /dev/null and b/docs/assets/instructions/checkpoint/checkpoint_new_key.png differ diff --git a/docs/xdr/features/collect/integrations/endpoint/checkpoint_harmony.md b/docs/xdr/features/collect/integrations/endpoint/checkpoint_harmony.md new file mode 100644 index 0000000000..8d04c8a304 --- /dev/null +++ b/docs/xdr/features/collect/integrations/endpoint/checkpoint_harmony.md 
@@ -0,0 +1,49 @@ +uuid: ff53e0db-059b-4e16-ba90-8c4dbf5cee35 +name: Checkpoint Harmony +type: intake + +## Overview + +Check Point Harmony is the industry's first unified security solution for users devices and access. + +!!! warning + Important note - This format is currently in beta. We highly value your feedback to improve its performance. + +{!_shared_content/operations_center/detection/generated/suggested_rules_ff53e0db-059b-4e16-ba90-8c4dbf5cee35_do_not_edit_manually.md!} + +{!_shared_content/operations_center/integrations/generated/ff53e0db-059b-4e16-ba90-8c4dbf5cee35.md!} + +## Configure + +### Create authentication credentials + +1. Login to your Checkpoint Harmony account and navigate to `Profile > Global Settings` + + ![Global settings](/assets/instructions/checkpoint/checkpoint_global_settings.png) + +2. Go to `API Keys` and click on `New` + + ![API Keys](/assets/instructions/checkpoint/checkpoint_new_key.png) + +3. Update required fields with next information and create `API Key`: + * Service: Harmony Mobile (1) + * Expiration: If you pass an empty field, it means that API Key will not expire until you delete it. (2) + * Description: You can specify any description that you want. (3) + * Roles: `Read-Only` + + ![API Key Form](/assets/instructions/checkpoint/checkpoint_api_key_form.png) + +4. Copy values of `Client ID`, `Secret Key` and `Authentication URL` and save them for the configuration of the connector. + +### Create the intake + +To create the intake, go to the [intake page](https://app.sekoia.io/operations/intakes) and create a new intake from the format `Checkpoint Harmony`. + +### Pull events + +To start to pull events, you have to: + +1. Go to the [playbooks page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Checkpoint Harmony](../../../automate/library/checkpoint.md) trigger +2. Set up the module configuration with the Client ID, Client Secret and Authentication URL. +3. 
Set up the trigger configuration with the intake key +4. Start the playbook and enjoy your events diff --git a/mkdocs.yml b/mkdocs.yml index 909a4251c0..946b48df8a 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -154,6 +154,7 @@ nav: - Beats: - Auditbeat Linux: xdr/features/collect/integrations/endpoint/auditbeat_linux.md - Winlogbeat: xdr/features/collect/integrations/endpoint/winlogbeat.md + - Checkpoint Harmony: xdr/features/collect/integrations/endpoint/checkpoint_harmony.md - CrowdStrike Falcon: xdr/features/collect/integrations/endpoint/crowdstrike_falcon.md - CrowdStrike Falcon Telemetry: xdr/features/collect/integrations/endpoint/crowdstrike_falcon_telemetry.md - Cybereason MalOp: xdr/features/collect/integrations/endpoint/cybereason_malop.md
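Review bot: In step 3 of `checkpoint_harmony.md`, the Expiration bullet only says that an empty field produces an API key that never expires, and that key is then stored in the playbook module configuration. Suggest the page recommend setting an expiration date and renewing the key before it lapses, and keep `Read-Only` as the stated role. Step 4 calls the value `Secret Key` while step 2 of "Pull events" asks for `Client Secret`; use one term so readers know it is the same credential. Step 3 also selects `Service: Harmony Mobile`, but the title and overview describe Harmony in general and the page is filed under `endpoint`, so state which Harmony product this intake actually collects from. Smaller points: the overview reads "users devices and access" without punctuation, and the vendor is written "Check Point" in the overview but "Checkpoint" everywhere else.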
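Review bot: In the `mkdocs.yml` nav hunk, the new `Checkpoint Harmony` line is inserted directly after `Winlogbeat`, the last child of `Beats:`. Check that its indentation matches the following `CrowdStrike Falcon` entry, so that it renders as a sibling of the `Beats` group and not as a third item inside it.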