Add Check Point Cyberint Alerts bi-directional sync playbooks (v3.1.0)

[klevitskiy]

Change(s):

• Add bi-directional sync playbooks for Check Point Cyberint Alerts solution (CPEM Base, Inbound/Outbound Sync, Manual Status Update, Automation Rules)
• Add enrichment playbooks (Fetch Attachments, IOC Enrichment)
• Add response playbooks (Credential Leak Response, Phishing Takedown, Vulnerability Monitoring)
• Add CPEMAlerts KQL parser with alert type metadata lookup and deduplication by ref_id
• Add CPEMAlertIngestionAnomaly analytic rule
• Add CPEMAlertOverview workbook
• Update solution package to v3.1.0 with nested playbook deployments
• Fix ref_id column type from datetime to string in DCR and table definitions
• Add Customer Name field to connector configuration
• Rename logo to checkpoint.svg

Reason for Change(s):

• Enable bi-directional alert sync between Check Point Cyberint (Infinity External Risk Management) and Microsoft Sentinel
• Provide automated enrichment and response workflows for SOC teams
• Fix data ingestion issue where ref_id values were silently dropped due to incorrect column type
• Address duplicate alert ingestion issue reported by customers (parser-level dedup by ref_id)

Version Updated:

• Solution package updated from 3.0.0 to 3.1.0

Testing Completed:

• Yes
• Deployed mainTemplate.json to test Sentinel workspace (eastus)
• Verified all playbooks render in Content Hub
• Validated connector configuration with API key and Argos URL
• Confirmed workbook renders with sample data

Checked that the validations are passing and have addressed any issues that are present:

• Yes

[klevitskiy]

@microsoft-github-policy-service agree company="Check Point"

[klevitskiy]

@v-maheshbh Hi, thank you for your assistance! All checks have passed, could you please review the PR when you get a chance?

[klevitskiy]

@v-maheshbh Hi, sorry to bug you again. Thanks for your help so far! All checks have passed - could you take a look at the PR when you have a moment?

[klevitskiy]

@v-maheshbh Hi, thank you for the recommendation. I made the single PR for review instead of two. Could you please review the PR when you get a chance?

[v-maheshbh]

Hi @klevitskiy

Kindly resolve the branch conflicts.

Thanks!

[v-maheshbh]

Hi @klevitskiy

Kindly add both black‑and‑white preview images inside the workbook preview images folder.

Thanks!

[klevitskiy]

Hi @klevitskiy

Kindly add both black‑and‑white preview images inside the workbook preview images folder.

Thanks!

@v-maheshbh Hi, I've added required screenshots. Let me know if anything else need to be added there

[v-maheshbh]

Hi @klevitskiy
Kindly add both black‑and‑white preview images inside the workbook preview images folder.
Thanks!

@v-maheshbh Hi, I've added required screenshots. Let me know if anything else need to be added there

Hi @klevitskiy

kindly refer below solution for more details:

https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/CiscoMeraki/Workbooks/Images/Preview

Thanks!

[klevitskiy]

Hi @klevitskiy

kindly refer below solution for more details:

https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/CiscoMeraki/Workbooks/Images/Preview

Thanks!

@v-maheshbh Hi, Thank you for your patience and endless support! I've updated the workbook preview screenshots. To be honest, I'm not quite following your comment, the link shows 2 screenshots (black and white appearances), which matches what I attached. This PR has been open for a month now. I'd really appreciate it if we could wrap it up soon. Thanks again!

[v-maheshbh]

Hi @klevitskiy
Kindly review the comment carefully and add both black‑and‑white preview images inside the workbook preview images folder. Currently, I do not see any preview images present in the solution.

Thanks!

[klevitskiy]

Hi @klevitskiy Kindly review the comment carefully and add both black‑and‑white preview images inside the workbook preview images folder. Currently, I do not see any preview images present in the solution.

Thanks!

@v-maheshbh Hi, you are looking at the wrong folder

[v-maheshbh]

Hi @klevitskiy

Create this folder here and add images. hope you get my point. or give me branch access.

Thanks!

[klevitskiy]

Hi @klevitskiy

Create this folder here and add images. hope you get my point. or give me branch access.
Thanks!

@v-maheshbh Hi, thank you again for your patience and the helpful hint. I've created new folders and uploaded the screenshots

[v-maheshbh]

Hi @klevitskiy

Kindly grant me branch access to resolve the validation error.

Thanks!

[klevitskiy]

@v-maheshbh Hi, I've granted you access to the branch. Let me know if you have any issues

[klevitskiy]

@v-maheshbh Thanks for the help! What's left to get this PR ready for merge?

[v-maheshbh]

Hi @klevitskiy

The data file includes a total of 9 playbooks; however, one playbook is not reflected in the mainTemplate.
Additionally, there is a solution name mismatch — the solution name is defined as "Name": "Check Point Exposure Management Alerts" in the data file, whereas the correct solution name should be “Check Point Cyberint Alerts”
so kindly update accordingly.

Thanks!

[klevitskiy]

Hi @klevitskiy

The data file includes a total of 9 playbooks; however, one playbook is not reflected in the mainTemplate. Additionally, there is a solution name mismatch — the solution name is defined as "Name": "Check Point Exposure Management Alerts" in the data file, whereas the correct solution name should be “Check Point Cyberint Alerts” so kindly update accordingly.

Thanks!

@v-maheshbh Hi, fixed it! Hopefully it looks correct now

[v-maheshbh]

Hi @klevitskiy
The data file includes a total of 9 playbooks; however, one playbook is not reflected in the mainTemplate. Additionally, there is a solution name mismatch — the solution name is defined as "Name": "Check Point Exposure Management Alerts" in the data file, whereas the correct solution name should be “Check Point Cyberint Alerts” so kindly update accordingly.
Thanks!

@v-maheshbh Hi, fixed it! Hopefully it looks correct now

Kindly repackage the solution so that the solution name changes are correctly reflected in the mainTemplate.json.

[klevitskiy]

Hi @klevitskiy
The data file includes a total of 9 playbooks; however, one playbook is not reflected in the mainTemplate. Additionally, there is a solution name mismatch — the solution name is defined as "Name": "Check Point Exposure Management Alerts" in the data file, whereas the correct solution name should be “Check Point Cyberint Alerts” so kindly update accordingly.
Thanks!

@v-maheshbh Hi, fixed it! Hopefully it looks correct now

Kindly repackage the solution so that the solution name changes are correctly reflected in the mainTemplate.json.

Done! ✅

[v-maheshbh]

Hi @klevitskiy
The data file includes a total of 9 playbooks; however, one playbook is not reflected in the mainTemplate. Additionally, there is a solution name mismatch — the solution name is defined as "Name": "Check Point Exposure Management Alerts" in the data file, whereas the correct solution name should be “Check Point Cyberint Alerts” so kindly update accordingly.
Thanks!

@v-maheshbh Hi, fixed it! Hopefully it looks correct now

Kindly repackage the solution so that the solution name changes are correctly reflected in the mainTemplate.json.

Done! ✅

Thanks!

[klevitskiy]

@v-maheshbh Hi, thanks for pointing me on that! Fixed