Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.airmdr.com/llms.txt

Use this file to discover all available pages before exploring further.

Overview

The Check Point Harmony Email integration enables AirMDR to collect and analyze Harmony Email & Collaboration security events using REST APIs. This helps SOC teams investigate email-based threats such as phishing, malware, suspicious URLs, DLP violations, spam, and shadow IT activity.

Supported Versions

ComponentSupported Details
ProductCheck Point Harmony Email & Collaboration
PlatformCheck Point Infinity Portal
AuthenticationClient ID and Client Secret
API MethodREST API
AirMDR RequirementRemote Agent or AirMDR integration connector with outbound HTTPS access
PortTCP 443

Authentication

Check Point Harmony Email uses Client ID and Client Secret to generate an API access token. The access token is then used in the Authorization header for API requests.
Create a dedicated API key for AirMDR. Do not reuse an API key shared with another third-party tool.

Pre-requisites

Users must have Administrator access to the Check Point Infinity Portal.
Ability to create and manage API Keys (Client ID & Client Secret).
AirMDR Remote Agent installed and active (if required by deployment model).

Configure Check Point Harmony Email (API Key Generation)

1

Access Infinity Portal

  1. Log in to the Check Point Infinity Portal
  2. Navigate to:
    Account Settings → API Keys.
2

Create a New API Key

  1. Click New
  2. Select New Account API Key
  3. In the Create a New API Key window:
    • Choose Email & Collaboration as the service.
3

Generate Credentials

  1. Enter a Description:
    For example: AirMDR - Harmony Email Integration 
  2. Select an Expiration Date (recommended as per policy).
  3. Assign appropriate role/permissions (if prompted).
    Use least-privilege access while assigning permissions.
4

Generate Credentials

  1. Click Create
  2. Copy and securely store:
    • Client ID
    • Client Secret (Secret Key)
    • Authentication URL (if displayed)
    The Client Secret is visible only once. Store it securely before closing the window.
    The Client ID can be viewed later from the API Keys table, but the Client Secret Key and Authentication URL cannot be retrieved after closing the creation window.
5

Identify Region and Base URL

Determine Tenant Region

  • Identify your tenant region from the Infinity Portal URL
  • Use the region where your Check Point Harmony Email tenant is hosted.
    For Example:
    • us.portal.checkpoint.com → USA region
RegionBase URL
Indiahttps://cloudinfra-gw.in.portal.checkpoint.com/app/hec-api/
USAhttps://cloudinfra-gw-us.portal.checkpoint.com/app/hec-api/
Europehttps://cloudinfra-gw.portal.checkpoint.com/app/hec-api/
UKhttps://cloudinfra-gw.uk.portal.checkpoint.com/app/hec-api/
Australiahttps://cloudinfra-gw.ap.portal.checkpoint.com/app/hec-api/
Canadahttps://cloudinfra-gw.ca.portal.checkpoint.com/app/hec-api/
UAEhttps://cloudinfra-gw.me.portal.checkpoint.com/app/hec-api/

Validate API Authentication

Use the following sample request to verify that the Client ID and Client Secret are working: 
curl -X POST "https://cloudinfra-gw.portal.checkpoint.com/auth/external" \
  -H "Content-Type: application/json" \
  -d '{
    "clientId": "<CLIENT_ID>",
    "accessKey": "<CLIENT_SECRET>"
  }'
Replace the authentication host based on the region shown in your Check Point API key details.
{
  "token": "<ACCESS_TOKEN>",
  "expiresIn": 3600
}

Configure Check Point Harmony Email in AirMDR Integrations Dashboard

  1. Navigate to AirMDR, provide the credentials and click Login
  2. Navigate to the AirMDR Integrations Dashboard in the left navigation pane and select Integrations.
  3. Use the search option, enter the keyword “Check Point Harmony Email”, select the Connections tab, and click + Create button.
  4. Enter an unique name to the Instance (e.g., your org name-Check Point Harmony Email) to easily identify the user connection by AirMDR.
  5. Enter the application credentials like Client ID, and Client Secret in the Authentication Details field params, and click Save.

Skills provided by this Integration

Skill IDPurpose
Quarantine Checkpoint Harmony EntitiesQuarantine one or more entities by ID in Checkpoint Harmony Email. Use this to isolate suspicious or malicious emails.
Restore Checkpoint Harmony EntitiesRestore one or more previously quarantined entities by ID in Checkpoint Harmony Email. Use this to release false-positive quarantines.
Get Checkpoint Harmony Entity DetailsFetch detailed information for a specific entity in Checkpoint Harmony Email, including email headers, attachments, and security verdicts.
Search Checkpoint Harmony EntitiesSearch for entities in Checkpoint Harmony Email by sender, domain, subject, or recipient. Supports threat hunting with date range or duration filters.
Get Checkpoint Harmony Security EventsSearch and retrieve security events from Checkpoint Harmony Email by type, severity, date range or duration. Supports filtering by event type, severity, Saas provider, and confidence indicator.
To view the details of Input Parameters and Output for the respective skills

Additional Information

ErrorPossible CauseRecovery
Authentication failedInvalid Client ID or Client SecretRegenerate API key and update AirMDR
Secret not retrievableAPI key window was closedCreate a new API key
Region mismatchWrong base URL selectedVerify tenant region and update base URL
403 ForbiddenAPI key lacks required service/roleRecreate key with Email & Collaboration service
404 Not FoundIncorrect endpointValidate region-specific base URL
Connection timeoutRemote Agent cannot reach Check PointCheck DNS, firewall, proxy, and TCP 443
No events receivedPolling window too narrow or no new eventsIncrease lookback interval and verify Harmony Email activity
To Delete the API Key:

Identify the Key

  • Ensure the API key is no longer in use by AirMDR or any other integration
    Deleting an active API key will immediately break the integration.

Delete the API Key

  1. In Settings → API Keys, locate the target key
  2. Click the Delete option (trash icon or action menu)
  3. Confirm the deletion when prompted

Post-Deletion Validation

After deleting or rotating an API key:
  • Verify AirMDR integration status:
    • Should not show authentication errors
  • Check logs for failures: 
    authentication failed: invalid clientId or accessKey
  • Confirm new key is functioning correctly
  • Use a dedicated API key exclusively for AirMDR integration
  • Store Client Secret securely (avoid plaintext in scripts, logs, or shared documents)
  • 📧 Contact AirMDR Support through your designated support channel.
  • 🔁 Rotate credentials regularly.
  • 🔄 Reconnect in AirMDR when secrets are changed.