Cyberint / ERM Integration with TEM

Overview

Check Point Threat Exposure Management (TEM) integrates with External Risk Management (Cyberint/ERM) to correlate vulnerabilities with existing security controls, enabling organizations to prioritize remediation of critical risks. This approach ensures that vulnerability management is aligned with broader threat exposure insights, thereby reducing risk and strengthening the overall security posture.

Supported Capability

Vulnerability Remediation

• Identifies, correlates, and prioritizes vulnerabilities across your environment.

• Provides actionable insights to remediate vulnerabilities effectively through compensating controls, such as configuration changes, access restrictions, or virtual patching.

• Ensures that remediation actions are tracked and verified, supporting continuous risk reduction and improved security posture.

Integrating ERM with TEM

• Step 1: Configure ERM Integration

• Step 2: Configure TEM Portal

Step 1 - Configuring ERM Integration

1. Generate an API Token

   To enable the ERM integration, an API token must be generated for authentication. The steps to generate the token depend on whether ERM is accessed directly from the ERM portal or through the Check Point Portal.

   1. From Check Point Portal

      1. Log in to the Check Point Portal.

      2. Click Settings > API Keys.

         

      3. Click New and configure the API key.

         For detailed instructions on creating and managing API keys in the Check Point Portal, see Check Point Portal Administration Guide – API Keys.

   2. From the ERM Portal

      1. Log in to the ERM portal.

      2. From the left-navigation panel, click on the Profile icon > User Settings.

         

      3. Navigate to Generate API Token and click Generate API Token.

         

      4. In the API Token pop-up that appears, choose one of these options:

         

         • Copy Token to Clipboard

         • Download Token to File

         Note - This is a one-time token. Save it securely for future use.

2. Identify Your Environment: The environment is your ERM subdomain. For example, if your portal URL is https://check-point-demo.erm.com, then the environment is check-point-demo.

3. Configure the Alerts:

   1. Navigate to Alerts Configuration, and review available alert categories:

      

      • Phishing

      • Attackware

      • Brand

      • Data

      • Vulnerabilities

   2. Configure the alert parameters:

      

      • Enable or disable alerts.

      • Set severity overrides.

      • Define conditions for closing alerts.

Step 2 - Configuring the TEM Portal

1. Log in to the TEM portal.

2. Navigate to Settings > Integrations > Catalog > Cyberint.

   

3. In the Cyberint pop-up that appears, navigate to the Connection tab and enter the following details.

   

   • In the Connection Name field, enter a name for the integration connection.

   • In the Environment field, specify the environment name associated with the integration.

   • In the API Key field, enter the API token copied from the ERM platform.

4. Click Connect to establish a connection.