QRadar Integration
Hi All,
Our customer has an MDS environment. They have MDS-HA and MLM, integrated with QRadar. We will upgrade the environment from R77.30 to R80.10.
I just wonder whether there is any problem with QRadar. I know Check Point uses SHA256 for OPSEC. We need to change this to SHA-1. After this, will everything work normally?
Thanks.
Kind Regards,
Kasim Gokbel
I haven't done the QRadar integration, just Alert Logic, but there was a thread earlier referring to IBM Knowledge Center for this subject.
Of interest may be also this thread: https://community.checkpoint.com/message/12894-lea-port-not-listening .
Hi, yes, we use QRADAR and just went through this. It is working. We did use SHA256 and it did work. SHA256 did not work for our Symantec Managed Services Appliance (LCP3.0) and we had to switch to SHA1, but QRADAR worked fine. Below is how we configured the LEA settings for QRADAR. Good luck:
Log Source Name: (Our CP Log Server Name)
Log Source Desc: Checkpoint Log Server
Log Source Type: Checkpoint
Protocol: OPSEC/LEA
Log Source Identifier: (the IP address of our log server)
Server IP: (also the IP of our log server)
Server Port: 18184
Use Server IP for Log Source: Checked
Statistics Report Interval: 600
Authentication Type: sslca
OPSEC App Obj SIC Attr: The DN path of your OPSEC application object
Log Source SIC Attribute: The DN path of your logging server
Specify Certificate: Checked
Certificate Authority IP: IP of your management server
Pull Certificate Password: the shared / trusted SIC secret you specified in the OPSEC object
OPSEC Application: Just the name of the application (I used the short non-DN name of the OPSEC object)
Enabled: Checked
Target Collector: which QRADAR appliance do you want to reach out to the Log Server
Coalescing Events: Checked
Store Event Payload: Checked
Log Source Extension: I left this blank
Select QRadar Groups: Check the group you want.
This site was helpful:
IBM Knowledge Center