Splunk SOAR
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Newbie on Phantom on Check Point

poctalk
Engager
‎12-12-2018 05:24 AM

I'm working on building a POC to test gateways with Phantom and I can't seem to get this working. I've created an asset and a Check Point Management, but I keep getting this error message. I must be skipping a step and there isn't much documentation to work with.

App 'Check Point Firewall' started successfully (id: 1544619295625) on asset: 'chkpfw'(id: 7)
Loaded action execution configuration
Using base URL 'https://10.1.1.101:443/web_api/'
Connecting to https://10.1.1.101:443/web_api/...
Could not connect to Check Point. Connectivity test failed. No action executions found.

Tags (1)
Reply

cblumer_splunk
Splunk Employee
Splunk Employee
‎08-28-2019 11:31 AM

It's recommended to check the logs on the Phantom host whenever there are issues with connectivity for an integration:
/var/log/phantom/spawn.log
/var/log/phantom/wsgi.log

A netcat test can also be executed from the Phantom host to confirm network connectivity:
sudo nc -vz 192.168.28.121 443

Reply

cblumer_splunk
Splunk Employee
Splunk Employee
‎08-28-2019 01:03 PM

It looks like the Management API feature was introduced in the R80 Check Point Release:
https://sc1.checkpoint.com/documents/latest/APIs/index.html#api_versions~v1.5%20

Here are the Checkpoint API Docs:
https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/introduction~v1.5%20

Checkpoint App for Phantom:
https://my.phantom.us/4.5/docs/app_reference/phantom_checkpoint

0 Karma
Reply

manrodriguez
Engager
‎07-17-2019 06:00 AM

Hello poctalk!!!

Any answer for this issue? how can you resolved this issue? in this moment i have the same problem with a checkpoint version R77.30, i tried differents ways to connect but nothing.

I appreciate your feedback.

Regards!

0 Karma
Reply
Get Updates on the Splunk Community!

Your Voice Matters! Help Us Shape the New Splunk Lantern Experience

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Community Content Calendar, October Edition

Welcome to the October edition of our Community Spotlight! The Splunk Community is a treasure trove of ...