Check Point Harmony Email & Collaboration

The Dropzone AI platform integrates with Check Point Harmony Email & Collaboration APIs. This document describes how to set up OAuth credentials in the Check Point Infinity Portal and install them into the Dropzone platform.

Integration Overview

To enable this integration you will perform the following actions:

• Create OAuth credentials (API key) in the Check Point Infinity Portal

• Install the credentials into your Dropzone tenant

• Configure integration parameters, such as poll interval and lookback

The integration automatically ingests the following email security alert types from Check Point Harmony:

• phishing - Phishing email alerts

• malware - Malware email alerts

• suspicious_phishing - Suspicious phishing email alerts

• suspicious_malware - Suspicious malware email alerts

• anomaly - Admin-blacklisted emails and other anomalies

Create an API Key

To create an Account API Key in the Check Point Infinity Portal, do the following:

• In the Infinity Portal, go to ⚙️ > API Keys

• Click New > New account API key

• In the Create a New API Key window, select a Service

  • Select Email & Collaboration

• In the Expiration field, select an expiration date and time for the API Key

  • The expiration date and time chosen is up to the customer.

  • Note that this process must be repeated to continue using the integration when the API Key expires.

• Optional - In the Description field, enter a description for the API Key (e.g., "Dropzone AI Integration Key")

• Click Create

The Infinity Portal generates a new API Key.

• Copy these values and keep them in a safe place:

  • Client ID - The Identifier for your account and for the client service that uses this API key

  • Secret Key - The secret key that goes along with the Client ID, used by the integration to make API calls to your Check Point account

  • Authentication URL - The URL address used to authenticate API requests

Enable Check Point Harmony

The Alert source integration allows Dropzone AI to pull alerts from Check Point Harmony Email & Collaboration for investigation.

You'll need the following information:

To enable the Alert Source integration, do the following:

• Navigate to your Dropzone AI tenant home page e.g. https://mycompany.dropzone.app

• In the bottom left hand corner, navigate to Settings > Integrations

• Click "Available"

• In the Search bar, search "Check Point", then click "Configure"

• Under the Alert Source header, input the Client ID, Secret Key, and Authentication URL (API Endpoint)

• Under "Enabled Severities", select which severity levels to ingest from Check Point Harmony:

  • Critical

  • High

  • Medium

  • Low

  • Lowest

• Under "Enabled States", select which event states to ingest from Check Point Harmony:

  • Pending

  • Detected

  • Remediated

  • Exception

  • Dismissed

• The section under Alert queries allows for customization of polling settings. The default settings are generally sufficient.

  • Log Ingestion Delay: Wait time before an alert is considered ready for ingestion (default: 5 minutes)

  • Poll Interval: Sleep time between poll loops (default: 60 seconds, minimum: 30 seconds)

  • Poll Lookback: How far back to query each poll loop (default: 3600 seconds / 1 hour)

• Click "Test & Save" to finish

You should begin ingesting alerts immediately.

If you have any errors engage your Dropzone AI support representative.

Additional Resources

• Check Point Infinity Portal API Keys Documentation

• Check Point HEC API Reference Guide

• Check Point HEC API Swagger Documentation