Check Point Harmony Email & Collaboration

This is a beta feature that requires manual enablement by Dropzone support for your tenant. The integration will not be visible in the Dropzone UI until it has been enabled. Please contact your Dropzone AI support representative before attempting to set up this integration.

The Dropzone AI platform integrates with Check Point Harmony Email & Collaboration APIs. This document describes how to set up OAuth credentials in the Check Point Infinity Portal and install them into the Dropzone platform.

The integration automatically ingests the following email security alert types from Check Point Harmony:

phishing - Phishing email alerts
malware - Malware email alerts
suspicious_phishing - Suspicious phishing email alerts
suspicious_malware - Suspicious malware email alerts
anomaly - Admin-blacklisted emails and other anomalies

Create Oath credentials

Check Point Harmony requires an Account API Key to enable. To create an Account API Key, do the following:

In your Check Point Infinity Portal, navigate to ⚙️ > API Keys

Navigate to New > New account API key

Under "Service," select Email & Collaboration
In the Expiration field, select an expiration date and time for the API Key

To avoid repeating this process, Dropzone advises assigning a lengthy expiration date. Once the API key expires, you will need to generate a new one.

In the Description field, enter a memorable description for the API Key, such as "Dropzone AI"
Click "Create"

Copy the Client ID, Secret Key, and Authentication URL shown for use later in the Dropzone UI where they are called "Client ID," "Secret Key," and "Authentication URL (API Endpoint)" respectively

You can always obtain the Client ID from the API Keys table, but you cannot retrieve the Secret Key or Authentication URL after the Create a New API Key window is closed. Be sure to record all three values before you leave the page.

Click "Close"

For additional information, see the Check Point Infinity Portal API Keys Documentation.

Enable Check Point Harmony

The Alert source integration allows Dropzone AI to pull alerts from Check Point Harmony Email & Collaboration for investigation.

You'll need the following information:

Dropzone Field

Source

Client ID

The "Client ID" value you copied earlier

Secret Key

The "Secret Key" value you copied earlier

Authentication URL (API Endpoint)

The "Authentication URL" value you copied earlier

To enable the Alert Source integration, do the following:

Navigate to your Dropzone AI tenant home page e.g. https://mycompany.dropzone.app
In the bottom left hand corner, navigate to Settings > Integrations

Click "Available"

In the Search bar, search Check Point, then click "Configure"

Input the Client ID, Secret Key, and Authentication URL

Under "Enabled Severities," select which severity levels to ingest from Check Point Harmony
Under "Enabled States," select which event states to ingest from Check Point Harmony

If all severities or all states are disabled, no alerts will be fetched.

Input your desired poll interval and lookback

Click "Test & Save" to finish

You should begin ingesting alerts immediately.

This integration supports backfilling historical alerts via the AlertBackfill system. Backfills are processed in 1-hour chunks. See the Alert Sources overview for more information on backfilling.

If you have any errors engage your Dropzone AI support representative.

PreviousCross-Account Access via Role Chaining NextCrowdStrike

Last updated 7 days ago

Was this helpful?