Check Point Harmony Email and Collaboration (HEC)
Check Point Harmony Email and Collaboration (HEC) Pack.#
This Integration is part of theSupported versions
Supported Cortex XSOAR versions: 6.9.0 and later.
The Best Way to Protect Enterprise Email & Collaboration from phishing, malware, account takeover, data loss, etc. This integration was integrated and tested with version 1.0.3 of CheckPointHEC
#
Configure Check Point Harmony Email and Collaboration (HEC) on Cortex XSOARNavigate to Settings > Integrations > Servers & Services.
Search for Check Point Harmony Email and Collaboration (HEC).
Click Add instance to create and configure a new integration instance.
Parameter Required Smart API URL (e.g. https://smart-api-dev-1-us.avanan-dev.net) True Fetch incidents False Incident type False Maximum number of incidents per fetch False Client ID True Client Secret True First fetch time False Trust any certificate (not secure) False Use system proxy settings False Incidents Fetch Interval False Click Test to validate the URLs, token, and connection.
#
CommandsYou can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
#
checkpointhec-get-entityRetrieve specific entity
#
Base Commandcheckpointhec-get-entity
#
InputArgument Name | Description | Required |
---|---|---|
entity | Entity id to retrieve. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
CheckPointHEC.Entity.internetMessageId | String | Email message id in internet. |
CheckPointHEC.Entity.subject | String | Email subject. |
CheckPointHEC.Entity.received | String | Datetime email was received in iso 8601 format. |
CheckPointHEC.Entity.size | String | Email size. |
CheckPointHEC.Entity.emailLinks | unknown | Links in email. |
CheckPointHEC.Entity.attachmentCount | Number | Number of attachments in email. |
CheckPointHEC.Entity.attachments | unknown | File attachments in email. |
CheckPointHEC.Entity.mode | String | Internal policy rule. |
CheckPointHEC.Entity.recipients | unknown | Recipient email addresses. |
CheckPointHEC.Entity.subject | String | Email subject. |
CheckPointHEC.Entity.fromEmail | String | Email sender. |
CheckPointHEC.Entity.fromDomain | String | Domain where the email was sent from. |
CheckPointHEC.Entity.fromUser | unknown | Sender user details. |
CheckPointHEC.Entity.fromName | String | Sender name. |
CheckPointHEC.Entity.to | unknown | Email main recipients. |
CheckPointHEC.Entity.toUser | unknown | User details for main recipients. |
CheckPointHEC.Entity.cc | unknown | Email carbon copy recipients. |
CheckPointHEC.Entity.ccUser | unknown | User details for carbon copy recipients. |
CheckPointHEC.Entity.bcc | unknown | Email blind carbon copy recipients. |
CheckPointHEC.Entity.bccUser | unknown | User details for blind carbon copy recipients. |
CheckPointHEC.Entity.replyToEmail | String | Email reply. |
CheckPointHEC.Entity.replyToNickname | String | Email reply nickname. |
CheckPointHEC.Entity.isRead | Boolean | Email has been read. |
CheckPointHEC.Entity.isDeleted | Boolean | Email has been deleted. |
CheckPointHEC.Entity.isIncoming | Boolean | Email is from external organization. |
CheckPointHEC.Entity.isInternal | Boolean | Email is from same organization. |
CheckPointHEC.Entity.isOutgoing | Boolean | Email is to an external organization. |
CheckPointHEC.Entity.isQuarantined | Boolean | Email has been quarantined. |
CheckPointHEC.Entity.isQuarantineNotification | Boolean | Email is a notification of another quarantined email. |
CheckPointHEC.Entity.isRestored | Boolean | Email is restored from quarantine. |
CheckPointHEC.Entity.isRestoreRequested | Boolean | Email is a request to restore. |
CheckPointHEC.Entity.isRestoreDeclined | Boolean | Email is a declined restore request. |
CheckPointHEC.Entity.saasSpamVerdict | String | Spam verdict. |
CheckPointHEC.Entity.SpfResult | String | Sender Policy Framework check result. |
CheckPointHEC.Entity.restoreRequestTime | String | Restore request datetime in iso 8601 format. |
#
checkpointhec-get-email-infoRetrieve specific email entity
#
Base Commandcheckpointhec-get-email-info
#
InputArgument Name | Description | Required |
---|---|---|
entity | Email entity id. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
CheckPointHEC.Email.fromEmail | String | Email sender. |
CheckPointHEC.Email.to | unknown | Email main recipients. |
CheckPointHEC.Email.replyToEmail | String | Email reply. |
CheckPointHEC.Email.replyToNickname | String | Email reply nickname. |
CheckPointHEC.Email.recipients | unknown | Recipient email addresses. |
CheckPointHEC.Email.subject | String | Email subject. |
CheckPointHEC.Email.cc | unknown | Email carbon copy recipients. |
CheckPointHEC.Email.bcc | unknown | Email blind carbon copy recipients. |
CheckPointHEC.Email.isRead | Boolean | Email has been read. |
CheckPointHEC.Email.received | String | Datetime email was received in iso 8601 format. |
CheckPointHEC.Email.isDeleted | Boolean | Email has been deleted. |
CheckPointHEC.Email.isIncoming | Boolean | Email is from external organization. |
CheckPointHEC.Email.isOutgoing | Boolean | Email is to an external organization. |
CheckPointHEC.Email.internetMessageId | String | Email message id in internet. |
CheckPointHEC.Email.isUserExposed | Boolean | Email reached user inbox |
#
checkpointhec-get-scan-infoRetrieve specific email scan with positive threats
#
Base Commandcheckpointhec-get-scan-info
#
InputArgument Name | Description | Required |
---|---|---|
entity | Scanned entity id. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
CheckPointHEC.ScanResult.ap | unknown | Anti-phishing scan results |
CheckPointHEC.ScanResult.dlp | unknown | Data Loss Prevention scan results |
CheckPointHEC.ScanResult.clicktimeProtection | unknown | Click Time Protection scan results |
CheckPointHEC.ScanResult.shadowIt | unknown | Shadow IT scan results |
CheckPointHEC.ScanResult.av | unknown | Antivirus scan results |
#
checkpointhec-search-emailsGet email ids with same sender and/or subject
#
Base Commandcheckpointhec-search-emails
#
InputArgument Name | Description | Required |
---|---|---|
date_range | Range to search for emails (1 day, 2 weeks, etc.). | Required |
sender | Search emails with this sender. | Optional |
subject | Search emails with this subject. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CheckPointHEC.SearchResult.ids | unknown | List of email ids returned by the search |
#
checkpointhec-send-actionQuarantine or restore an email
#
Base Commandcheckpointhec-send-action
#
InputArgument Name | Description | Required |
---|---|---|
farm | Customer farm. | Required |
customer | Customer portal name. | Required |
entity | One or multiple Email ids to apply action over. | Required |
action | Action to perform (quarantine or restore). Possible values are: quarantine, restore. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
CheckPointHEC.Task.task | String | Task id of the sent action |
#
checkpointhec-get-action-resultGet task info related to a sent action
#
Base Commandcheckpointhec-get-action-result
#
InputArgument Name | Description | Required |
---|---|---|
farm | Customer farm. | Required |
customer | Customer portal name. | Required |
task | Task id to retrieve. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
CheckPointHEC.ActionResult.actions | unknown | Action information for each sent entity |
CheckPointHEC.ActionResult.created | String | Date when action was created in iso 8601 format |
CheckPointHEC.ActionResult.customer | String | Customer portal name |
CheckPointHEC.ActionResult.failed | Number | Number of failed actions |
CheckPointHEC.ActionResult.id | Number | Action task id |
CheckPointHEC.ActionResult.name | String | Action name |
CheckPointHEC.ActionResult.owner | String | Action owner |
CheckPointHEC.ActionResult.progress | Number | Number of actions in progress |
CheckPointHEC.ActionResult.sequential | Boolean | Actions are in sequence |
CheckPointHEC.ActionResult.status | String | Action status |
CheckPointHEC.ActionResult.succeed | Number | Number of succeed actions |
CheckPointHEC.ActionResult.total | Number | Total of actions |
CheckPointHEC.ActionResult.type | String | Action internal name |
CheckPointHEC.ActionResult.updated | String | Date when action last updated in iso 8601 format |
#
checkpointhec-send-notificationSend notification about user exposition for the specific entity to the list of emails
#
Base Commandcheckpointhec-send-notification
#
InputArgument Name | Description | Required |
---|---|---|
entity | Email entity id. | Required |
emails | List of emails to send notification. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
CheckPointHEC.Notification.ok | Boolean | Result of the operation. |