Step 1 - Create a CrowdStrike Data Connection
To create a crowdstrike data connection:
- Log in to the Falcon portal.
-
Click the Menu icon and go to Next-Gen SIEM > Log management > Data settings.

-
Go to the Data connections tab and click Add connection.

-
In the Data connections page, enter Check Point in the search bar and filter by connector name.

-
Select Check Point Email & Collaboration Security Data Connector.
The New Connection details page appears.

- In the Connection name field, enter the required connector name.
- In the Description (Optional) field, enter the required description.
-
In the Parsing and enrichment section:
- By default, Check PointAvanan parser is selected.
- Select the Enable host enrichment checkbox.
- Select checkbox for terms and conditions.
-
Click Create connection.
In the Connection Details page, Generate API key banner appears.

- Click Generate API key.
-
In the Connection setup page, copy the API URL and API Key to configure SIEM integration.
Note:Make sure to note down the API URL and API Key, as they will not be available again.