What Changed
Check Point Cyberint Alerts solution version 3.0.1 corrects the DCR transform formatting and adds a customer name parameter to the connector's headers for proper API authentication.
Data Fidelity Risk (Pre-Fix)
The DCR transform JSON contained formatting inconsistencies in the dataFlows configuration that could impact data ingestion reliability. Additionally, the connector was missing the customer name in API headers, which may have caused authentication failures with the Cyberint Argos API.
DCR Transform Corrections
- Formatting fix: Cleaned up JSON structure in CyberintArgosAlertsLogs_DCR.json dataFlows configuration
- Field mappings preserved: The transformKql logic remains unchanged, ensuring consistent field normalization (update_date → TimeGenerated, type → event_type, title → event_title)
Connector Configuration Updates
- API endpoint: Updated to use proper parameter substitution for argosurl
- Customer authentication: Added X-Integration-Customer-Name header with customer name parameter for proper API authentication
- UI enhancement: Added customer name input field to connector configuration interface
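A pre-deployment check for the two issues described above, as an added example that is not part of the solution's own code. It assumes the standard Azure Monitor DCR layout (properties.dataFlows[].transformKql) and a polling config with properties.request.apiEndpoint and properties.request.headers; the sample documents, the /alerts path and the {{...}} placeholder form are constructed for illustration.

```python
import json
import re

# Source field -> output column, as listed in the field mappings above.
EXPECTED = {"update_date": "TimeGenerated", "type": "event_type", "title": "event_title"}
HEADER = "X-Integration-Customer-Name"

def _resources(text):
    """Parse JSON (raises ValueError if malformed); accept one resource or a list."""
    doc = json.loads(text)
    return doc if isinstance(doc, list) else [doc]

def check_dcr(text):
    """Return problems in a DCR's dataFlows: each column must be assigned from its source."""
    problems = []
    for res in _resources(text):
        flows = res.get("properties", {}).get("dataFlows", [])
        if not flows:
            problems.append("no dataFlows defined")
        for i, flow in enumerate(flows):
            kql = flow.get("transformKql", "")
            for source, column in EXPECTED.items():
                if not re.search(rf"\b{column}\s*=[^,|]*\b{source}\b", kql):
                    problems.append(f"dataFlows[{i}]: {source} -> {column} not mapped")
    return problems

def check_polling(text):
    """Return problems found in the request section of a polling config."""
    problems = []
    for res in _resources(text):
        request = res.get("properties", {}).get("request", {})
        headers = {k.lower(): str(v) for k, v in request.get("headers", {}).items()}
        if not headers.get(HEADER.lower(), "").strip():
            problems.append(f"{HEADER} header missing or empty")
        if "argosurl" not in request.get("apiEndpoint", ""):
            problems.append("apiEndpoint does not reference the argosurl parameter")
    return problems

# Constructed samples, not the solution's real files; the {{...}} placeholder form is assumed.
DCR_OK = json.dumps([{"properties": {"dataFlows": [{"transformKql": "source | extend "
    "TimeGenerated = todatetime(update_date), event_type = type, event_title = title"}]}}])
POLL_OLD = json.dumps([{"properties": {"request": {
    "apiEndpoint": "https://example.invalid/alerts", "headers": {}}}}])
POLL_NEW = json.dumps([{"properties": {"request": {
    "apiEndpoint": "{{argosurl}}/alerts", "headers": {HEADER: "{{customername}}"}}}}])

if __name__ == "__main__":
    print(check_dcr(DCR_OK), check_polling(POLL_OLD), check_polling(POLL_NEW))
```

Malformed JSON surfaces as a ValueError from the parser rather than as a listed problem, so a CI job using these checks fails loudly on a broken dataFlows block.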
Security Impact (Visibility & Fidelity)
Organizations with Check Point Cyberint deployments should update to prevent potential authentication failures and ensure reliable alert ingestion. The DCR formatting fix addresses potential data flow interruptions that could cause missing threat intelligence alerts.
Affected Files
- Solutions/Check Point Cyberint Alerts/Data Connectors/CyberintArgosAlertsLogs_ccp/CyberintArgosAlertsLogs_DCR.json
- Solutions/Check Point Cyberint Alerts/Data Connectors/CyberintArgosAlertsLogs_ccp/CyberintArgosAlertsLogs_PollingConfig.json
- Solutions/Check Point Cyberint Alerts/Data Connectors/CyberintArgosAlertsLogs_ccp/CyberintArgosAlertsLogs_connectorDefinition.json
- Packaging artefacts: mainTemplate.json, createUiDefinition.json, ReleaseNotes.md