The Check Point Infinity Events Advanced App is available for log collection only. The app collects events from Check Point Infinity, a centralized platform that provides a unified view of all security logs and events across the Check Point portfolio.
The API documentation used to create this app can be found here: infinity-events-api | 1.0.0 | Check-Point | SwaggerHub
CONFIGURATION
To configure the app, users will need a valid Hostname, Client ID, and Access Key.
To generate an API key from Check Point Infinity, go to the Settings icon and select "API Keys". From there, you can generate a new key.
Click on the Save button to save the credentials.
Once the status indicator turns green, the app has been configured successfully.
ACTIONS
There are no response actions available for this advanced app at this time. The Actions tab will show users the link to the API reference guide (referenced above as well).
SCHEDULER PAGE
The Check Point Infinity Events app is scheduled to pull logs every 15 minutes by default. Users can change this schedule from the UI by toggling the enable button on the scheduler and then editing the job.
This API requires a taskId and a pageToken to fetch the logs: a query is submitted as a task, and the results of that task are retrieved page by page. Whenever the user resets the app configuration, and when the scheduler runs for the first time, startDate is set to 5 months before the current timestamp and endDate is always the current timestamp. Once the logs for a run are received, that run's endDate is saved and used as the startDate of the next scheduler run, so the same window is never fetched twice.
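The window bookkeeping described above, as an added example that is not part of the app or of Check Point's own code. It uses a constructed in-memory stand-in for the Infinity Events API (the method names create_task and retrieve are hypothetical; only the taskId/pageToken shape comes from the page), treats "5 months" as 150 days, and assumes the query window is half-open so that an event stamped exactly at endDate is picked up by the following run rather than by both. It also shows the check a practitioner wants: the checkpoint is advanced only after every page was fetched, so a failed run is retried over the same window instead of silently losing it.

```python
from datetime import datetime, timedelta, timezone

# Five months of history on a fresh configuration, as the page states.
# Calendar months vary in length; 150 days is an assumption made here.
INITIAL_LOOKBACK = timedelta(days=150)


class FakeInfinityEventsApi:
    """Constructed in-memory stand-in for the Infinity Events API.

    A real client would create a query task over HTTPS, receive a taskId and
    page tokens, then retrieve each page. Only the taskId/pageToken shape is
    taken from the page; the method names here are hypothetical.
    """

    def __init__(self, events, fail_tokens=()):
        self._events = sorted(events, key=lambda e: e["time"])
        self._tasks = {}
        self._fail_tokens = set(fail_tokens)  # simulate a failing page fetch

    def create_task(self, start, end):
        # Half-open window [start, end): an event stamped exactly at endDate
        # belongs to the next run. Whether the real API is inclusive is not
        # stated on the page; this is the assumption the example makes.
        hits = [e for e in self._events if start <= e["time"] < end]
        pages = [[e] for e in hits]  # one event per page to show paging
        task_id = f"task-{len(self._tasks) + 1}"
        self._tasks[task_id] = pages
        return task_id, [f"p{i}" for i in range(len(pages))]

    def retrieve(self, task_id, page_token):
        if page_token in self._fail_tokens:
            raise RuntimeError(f"page {page_token} of {task_id} unavailable")
        return self._tasks[task_id][int(page_token[1:])]


def query_window(state, now):
    """startDate is the saved endDate of the last good run, else now - 5 months."""
    start = state.get("last_end") or (now - INITIAL_LOOKBACK)
    return start, now


def run_scheduler(api, state, now):
    """One scheduler run: fetch every page of the task, then checkpoint endDate."""
    start, end = query_window(state, now)
    task_id, page_tokens = api.create_task(start, end)
    events = []
    for token in page_tokens:
        events.extend(api.retrieve(task_id, token))
    # Checkpoint only after every page arrived; a failure above leaves
    # last_end untouched so the next run retries the same window.
    state["last_end"] = end
    return events


def _sample_events(now):
    # Constructed sample data around a fixed "current" timestamp.
    return [
        {"id": "e0", "time": now - timedelta(days=200)},    # older than lookback
        {"id": "e1", "time": now - timedelta(days=1)},
        {"id": "e2", "time": now - timedelta(hours=1)},
        {"id": "e3", "time": now},                           # exactly at endDate
        {"id": "e4", "time": now + timedelta(minutes=5)},
        {"id": "e5", "time": now + timedelta(minutes=20)},   # after the 2nd run
    ]


def demo():
    """Two consecutive runs 15 minutes apart; returns (first, second, state)."""
    now1 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    api = FakeInfinityEventsApi(_sample_events(now1))
    state = {}
    first = run_scheduler(api, state, now1)
    second = run_scheduler(api, state, now1 + timedelta(minutes=15))
    return first, second, state


def demo_failure():
    """A failed page fetch must not advance the checkpoint."""
    now1 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    api = FakeInfinityEventsApi(_sample_events(now1), fail_tokens={"p1"})
    state = {}
    try:
        run_scheduler(api, state, now1)
    except RuntimeError:
        pass
    return state


if __name__ == "__main__":
    first, second, state = demo()
    print([e["id"] for e in first], [e["id"] for e in second], state)
    print(demo_failure())
```

The first run pulls e1 and e2 (e0 is older than the lookback, e3 sits on the endDate boundary), the second run starts at the saved endDate and pulls e3 and e4, and nothing is fetched twice. In the failure case the second page never arrives, the run raises, and the state stays empty, so the next run re-queries the same window rather than skipping the page it never got.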
HISTORY PAGE
For every successful run of the scheduler, a success message along with the number of events fetched is displayed on the History page. If the scheduler fails to fetch the logs, an error message is displayed instead.
DATA CONSUMPTION MONITORING
If the Advanced App is not consuming data from Check Point Infinity Events, USM Anywhere will create an event automatically.
Users can choose, from the dropdown list, how long the app may go without receiving logs before that event is created. Available time periods are 30 minutes, 1 hour, 2 hours, 6 hours, 12 hours, 24 hours, and 72 hours.