Step 1 - Create a CrowdStrike Data Connection

To create a CrowdStrike data connection:

  1. Log in to the Falcon portal.
  2. Click the Menu icon and go to Next-Gen SIEM > Log management > Data settings.

  3. Go to the Data connections tab and click Add connection.

  4. In the Data connections page, enter Check Point in the search bar and filter by connector name.

  5. Select Check Point Email & Collaboration Security Data Connector.

    The New Connection details page appears.

  6. In the Connection name field, enter the required connector name.
  7. In the Description (Optional) field, enter the required description.
  8. In the Parsing and enrichment section:
    1. By default, Check Point Avanan parser is selected.
    2. Select the Enable host enrichment checkbox.
    3. Select the checkbox for the terms and conditions.
  9. Click Create connection.

    On the Connection Details page, the Generate API key banner appears.

  10. Click Generate API key.
  11. In the Connection setup page, copy the API URL and API Key to configure SIEM integration.

    Note:

    Make sure to note down the API URL and API Key, as they will not be available again.