Check Point Quantum Smart-1 Cloud Integration
Note: This integration requires Cisco XDR Advantage or Cisco XDR Premier licensing tier.
Check Point Quantum Smart-1 Cloud is a unified network security policy management platform for firewalls, applications, users, and workloads, with real-time threat visibility, large-scale event logging, and a rich Management API.
This integration uses the Management API to access Check Point NGFW alerts. Check Point NGFW is built on the basic concept of traditional firewalls but additionally includes deep packet inspection, application-level inspection, intrusion prevention, and advanced malware prevention capabilities like sandboxing. It also brings in threat intelligence from outside the firewall.
Integration with Check Point Quantum Smart-1 Cloud allows Cisco XDR to incorporate NGFW alerts in investigations. These alerts provide detailed visibility into network traffic and malicious activity. Use this integration to query for security detections of observables including IP, hostname, domain, process name, file name, URL, MD5, and SHA-256.
This integration also provides an automatic target in Cisco XDR automation which can be used for various firewall-related workflow use cases.

- In the Cisco XDR navigation menu, choose Administration > Integrations.
- On the Integrations page, click the Third-Party tab and navigate to the Check Point Quantum Smart-1 Cloud integration.
- Click the plus sign (+) in the lower-right corner of the card. The Check Point Quantum Smart-1 Cloud integration page is displayed.
- Expand the Integration Guide area and follow the instructions on how to add the Check Point Quantum Smart-1 Cloud integration in Cisco XDR.

You can perform the following tasks after you integrate Check Point Quantum Smart-1 Cloud with Cisco XDR:
- Investigations - Start a new investigation into any combination of domains, hostnames, file names, IP addresses, MD5 hashes, process names, URLs, and SHA-256 hashes, and the results will include any records of them found in your Check Point Quantum Smart-1 Cloud. To verify that this integration is working, and to see what kind of data is returned, investigate one or more observables about which you know Check Point Quantum Smart-1 Cloud has recent information. For details, see Investigate.
- Pivot Menu - Install the Check Point Quantum Smart-1 - Add IP Address to Network Group workflow from the Automation Exchange to use the Pivot menu to add an IP address to a network group in Check Point Quantum Smart-1 Cloud.
- Automation:
  - Atomic Actions - The atomic actions for Check Point Quantum Smart-1 Cloud can be used as building blocks in custom workflows. These can be found as available Actions in the left menu of the Workflow Editor. See Atomic Actions and Workflows.
  - Workflows - The workflows for Check Point Quantum Smart-1 Cloud can be installed from the Automation Exchange. See Workflows and Exchange.
  - Target - The Check Point Quantum Smart-1 Cloud target is automatically created for out-of-box and custom workflows. See Targets Created From Integrations.