Trend Vision One enables sharing of suspicious object data with Check Point Open Platform for Security (OPSEC) through a Service Gateway.
Configure sharing of suspicious object data with this integration
through a Service Gateway.
NoteAt least one Service Gateway installed with the Suspicious Object Exchange
Service must be configured to enable integration.
For more information, see Service Gateway Management.
|
Procedure
- Configure settings on your integration.
Note
The following steps were performed using version R80.10 of the Check Point SmartConsole.If you are using a different version, refer to the documentation for your version.- On the Check Point SmartConsole, go to .
- Click Add rule above to add a new rule.
- To configure the new policy, right-click the action, and then change the action to Accept.
- Right-click the source and select Add new items....
- Click .The New Address Range dialog appears.
- In the Enter Object Name field, type Trend Micro Vision One.
- In the First IP address and Last IP address fields, type the Trend Vision One Service Gateway IP address.
- Click OK.
- Right-click the destination and select Add new items....
- Click .The New Address Range dialog appears.
- In the Enter Object Name field, type Check Point.
- In the First IP address and Last IP address fields, type your Check Point appliance IP address.
- Click OK.
- Click Install Policy.A confirmation dialog appears.
- Click Publish & Install.
- Click Install.Your Check Point appliance is configured to receive suspicious object data from the Trend Vision One Service Gateway.
- Configure settings on Trend Vision One.
- Go to .
- In the Integration column, click Check Point Open Platform for Security (OPSEC).
- Use the toggle to enable or disable the integration.
- Review the Legal Statement and click Accept or Close to continue.
- Under Data Transfer, configure data sharing criteria and integration settings.
-
Frequency: Select the frequency at which suspicious object data is shared.
-
Action: Select what action Check Point Open Platform for Security (OPSEC) should apply.
-
Frequency: Select the frequency at which suspicious object data is shared.
-
Batch size for processing: Select the batch size for processing.
-
Time before integration process timeout: Select time before the integration process times out.
-
- Under Service Gateway
Connection, configure the connection between the Service
Gateway and the integration.
-
Click Connect.The Service Gateway Connection panel appears.
-
Select a Service Gateway installed with the Suspicious Object Exchange Service.
-
Configure the integration server settings.
-
(Optional) Click Test Connection to verify if the settings are valid.
-
Click Connect.The connection configuration is added to the list.
-
(Optional) Click the Distribute Now icon () to distribute suspicious object data to your Check Point appliance immediately.
-
- Repeat the previous step to add multiple connection configurations for this integration.
- Click Save.
- (Optional) To view the suspicious object data distributed
by the Trend Vision One Service Gateway on the Check Point SmartConsole, do the following.
- On the Check Point SmartConsole, click Logs & Monitor on the left pane, and then click the New icon to add a new tab.
- On the new tab, click Tunnel & User
Monitoring.The SmartView Monitor screen appears.
- Click the Launch Menu icon,
and then select .The Enforced Suspicious Activity Rules dialog appears.
- At Show On, select your Check Point appliance.
- Click Refresh.Suspicious object data distributed by the Trend Vision One Service Gateway is displayed.