topic Integrating SandBlast Mobile and security information and event management (SIEM) system in Mobile https://community.checkpoint.com/t5/Mobile/Integrating-SandBlast-Mobile-and-security-information-and-event/m-p/3471#M26 <HTML><HEAD></HEAD><BODY><P>This functionality enables the forwarding of all the Check Point SandBlast Mobile security and system alerts as they are generated and presented in the dashboard, to any standard Syslog Server in Syslog format. The Syslog will include all data available in the dashboard "Events &amp; Alerts" tab. In addition Check Point's R&amp;D added specific integration to ArcSight with support for ArcSight Common Event Format (CEF).</P><P></P><P>The data that can be sent to SIEM includes the following fields:</P><P>Event Server Timestamp</P><P>DeviceAlert Event</P><P>EventType</P><P>Signature</P><P>RiskLevel</P><P>DeviceOwner</P><P>DeviceNumber</P><P>DeviceType</P><P>DeviceID</P><P>Event ID</P><P>Event Client Timestamp</P><P>SBM Dashboard URL</P><P>DeviceEmail</P><P>DeviceOSLevel</P><P>DeviceModel</P><P>DeviceRiskLevel</P><P>SBM Client Version</P><P>Device Location</P><P>Device MDM ID</P><P>APP Threat summary</P><P>APP SHA256</P><P>App version</P><P>App repackaged</P><P>NetworkCertificate</P><P>NetworkCaptive</P><P>Devicerooted</P><P></P><P>For more information, please contact Check Point's Local Security Engineer or the regional Mobile Security expert.</P></BODY></HTML> Tue, 23 May 2017 08:01:59 GMT Daniel_Dor 2017-05-23T08:01:59Z Integrating SandBlast Mobile and security information and event management (SIEM) system https://community.checkpoint.com/t5/Mobile/Integrating-SandBlast-Mobile-and-security-information-and-event/m-p/3471#M26 <HTML><HEAD></HEAD><BODY><P>This functionality enables the forwarding of all the Check Point SandBlast Mobile security and system alerts as they are generated and presented in the dashboard, to any standard Syslog Server in Syslog format. The Syslog will include all data available in the dashboard "Events &amp; Alerts" tab. In addition Check Point's R&amp;D added specific integration to ArcSight with support for ArcSight Common Event Format (CEF).</P><P></P><P>The data that can be sent to SIEM includes the following fields:</P><P>Event Server Timestamp</P><P>DeviceAlert Event</P><P>EventType</P><P>Signature</P><P>RiskLevel</P><P>DeviceOwner</P><P>DeviceNumber</P><P>DeviceType</P><P>DeviceID</P><P>Event ID</P><P>Event Client Timestamp</P><P>SBM Dashboard URL</P><P>DeviceEmail</P><P>DeviceOSLevel</P><P>DeviceModel</P><P>DeviceRiskLevel</P><P>SBM Client Version</P><P>Device Location</P><P>Device MDM ID</P><P>APP Threat summary</P><P>APP SHA256</P><P>App version</P><P>App repackaged</P><P>NetworkCertificate</P><P>NetworkCaptive</P><P>Devicerooted</P><P></P><P>For more information, please contact Check Point's Local Security Engineer or the regional Mobile Security expert.</P></BODY></HTML> Tue, 23 May 2017 08:01:59 GMT https://community.checkpoint.com/t5/Mobile/Integrating-SandBlast-Mobile-and-security-information-and-event/m-p/3471#M26 Daniel_Dor 2017-05-23T08:01:59Z