https://community.checkpoint.com/t5/Firewall-and-Security-Management/Check-Point-Integration-with-FortiSIEM-solution/m-p/226975#M43641 <P>The sk given by Akos and Lesley is your best bet.</P> <P>Andy</P> Tue, 17 Sep 2024 18:11:14 GMT the_rock 2024-09-17T18:11:14Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Check-Point-Integration-with-FortiSIEM-solution/m-p/87013#M6708 <P>Hello members,</P><P>i have Checkpoint security firewall and would like to integrate it with FortiSIEM solution i need help as it is my first time to implement.</P><P>&nbsp;</P><P>thanks</P> Tue, 02 Jun 2020 07:11:18 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Check-Point-Integration-with-FortiSIEM-solution/m-p/87013#M6708 FD 2020-06-02T07:11:18Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Check-Point-Integration-with-FortiSIEM-solution/m-p/87066#M6713 <P>If it takes syslog, jsut use log exporter</P> Tue, 02 Jun 2020 13:28:19 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Check-Point-Integration-with-FortiSIEM-solution/m-p/87066#M6713 _Val_ 2020-06-02T13:28:19Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Check-Point-Integration-with-FortiSIEM-solution/m-p/156749#M27048 <P>Hi,</P><P>Did you manage to integrate the logs in fortisiem via Log exporter? Is the parser correct? Can you share the settings you used?</P><P>&nbsp;</P><P>Thanks</P> Wed, 07 Sep 2022 12:55:19 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Check-Point-Integration-with-FortiSIEM-solution/m-p/156749#M27048 egas84 2022-09-07T12:55:19Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Check-Point-Integration-with-FortiSIEM-solution/m-p/226966#M43636 <P>Hi,</P><P>&nbsp;</P><P>can you share the settings to integrate with FortiSiem</P> Tue, 17 Sep 2024 16:42:24 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Check-Point-Integration-with-FortiSIEM-solution/m-p/226966#M43636 peroskhan 2024-09-17T16:42:24Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Check-Point-Integration-with-FortiSIEM-solution/m-p/226967#M43637 <P>What do you mean under settings?</P> <P>This is the original SK:&nbsp;<A href="https://support.checkpoint.com/results/sk/sk122323" target="_blank" rel="noopener">https://support.checkpoint.com/results/sk/sk122323</A></P> <P>You can&nbsp; setup based on your needs. Usually we send syslog to FortiSien, and the SIEM will parse the logs.&nbsp;</P> <P>Have a look at in this:</P> <P><A href="https://docs.fortinet.com/document/fortisiem/7.1.4/external-systems-configuration-guide/335430/check-point-firewall-1" target="_blank" rel="noopener">https://docs.fortinet.com/document/fortisiem/7.1.4/external-systems-configuration-guide/335430/check-point-firewall-1</A></P> <P>You need to send syslog in CEF format according to this sample:</P> <P><STRONG><CODE>cp_log_export add name &lt;<EM>Name</EM>&gt; [domain-server {mds | all}] target-server &lt;<EM>HostName or IP address of Target Server</EM>&gt; target-port &lt;<EM>Port on Target Server</EM>&gt; protocol {udp | tcp} format {syslog | splunk |&nbsp;cef | leef | generic | json | logrhythm | rsa} [&lt;<EM>Optional Arguments</EM>&gt;]</CODE></STRONG></P> Tue, 17 Sep 2024 17:18:16 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Check-Point-Integration-with-FortiSIEM-solution/m-p/226967#M43637 AkosBakos 2024-09-17T17:18:16Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Check-Point-Integration-with-FortiSIEM-solution/m-p/226968#M43638 <P>Hi,</P><P>I use the following:<BR />cp_log_export add name FortiSiem target-server x.x.x.x target-port 514 protocol udp format cef<BR />cp_log_export restart name FortiSiem</P><P>&nbsp;</P><P>Regards,</P> Tue, 17 Sep 2024 17:20:05 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Check-Point-Integration-with-FortiSIEM-solution/m-p/226968#M43638 egas84 2024-09-17T17:20:05Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Check-Point-Integration-with-FortiSIEM-solution/m-p/226974#M43640 <P><A href="https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_LoggingAndMonitoring_AdminGuide/Topics-LMG/Log-Exporter-Configuration-in-SmartConsole.htm?tocpath=Log%20Exporter%7C_____2" target="_blank">https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_LoggingAndMonitoring_AdminGuide/Topics-LMG/Log-Exporter-Configuration-in-SmartConsole.htm?tocpath=Log%20Exporter%7C_____2</A></P> <P>Start with above and then:</P> <P><A href="https://support.checkpoint.com/results/sk/sk122323" target="_blank">https://support.checkpoint.com/results/sk/sk122323</A></P> <P>Better to create object in SmartConsole. Before you always had to start from CLI but that changed and made it more easy. Still can do all via CLI but via GUI is better.&nbsp;</P> <P>If all changes are done check with tcpdump if you see traffic being send out. tcpdump -nni any host IP port 514</P> Tue, 17 Sep 2024 18:01:16 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Check-Point-Integration-with-FortiSIEM-solution/m-p/226974#M43640 Lesley 2024-09-17T18:01:16Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Check-Point-Integration-with-FortiSIEM-solution/m-p/226975#M43641 <P>The sk given by Akos and Lesley is your best bet.</P> <P>Andy</P> Tue, 17 Sep 2024 18:11:14 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Check-Point-Integration-with-FortiSIEM-solution/m-p/226975#M43641 the_rock 2024-09-17T18:11:14Z