This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
grandpafirewall
Employee Alumnus
Employee Alumnus
‎2018-12-26 03:13 PM

Integration with Splunk Phantom

In an effort to start building the Check Point/Phantom ecosystem, I'm posting an integration document I created to share with the community; and to understand the need to increase our footprint with Phantom (now Splunk Phantom).  I have a Github site setup for to collect Playbooks; json; rpm's; and Python files (see below)   The document is still in draft and currently under review and will welcome any feedback.  The document is an integration guide and is not the authority nor a tutorial for Phantom.  The Phantom management portal has a very extensive documentation.

 

The document was written with R80.10, but I'm currently testing R80.20M2 with this as the API features are much more extensive.

 

The R80 REST API is very powerful and will continue to have features added in future releases.  

 

 

 

Github:  GitHub - rickdevera/phantom-checkpoint 

 

automation‌

 

/richard devera

 

For the full list of White Papers, go here

Preview file
908 KB
3 Replies
Martin_Valenta
Advisor
‎2018-12-27 02:40 AM

Hey Rick, which other playbooks except block/allow IP you use or plan to use within your org?

0 Kudos
grandpafirewall
Employee Alumnus
Employee Alumnus
‎2018-12-27 05:30 AM
In response to Martin_Valenta

I'm working with a Check Point partner to demonstration the how we fit into their existing services.  The Playbooks aren't limited to just the Check Point functions.  You can use combine other Apps and their Actions to be used in a single Playbook, (For example, I can gather information gained from other Assets (ie VendorX firewall, URL service, etc) and take action.  The Check Point playbook I created is very basic, and only demonstrates how I can use it with our API.   So we should develop more Apps that can be used in Playbooks.  For example, our Threat Cloud API can be used if we can create an App.  Does this help? 

0 Kudos
Chris_Atkinson
Employee
Employee
‎2018-12-27 02:48 AM

Thanks for sharing!

0 Kudos