Sergej_Gurenko
Collaborator

Harmony Browse log forwarding to on-prem SmartCenter

After reading the Admin Guide Harmony-Browse-Admin-Guide>Harmony-Endpoint-Logs, watching a couple of videos and setting up a trial instance of Harmony Browse (aka SBA4B) I'm confused if forwarding logs to on-prem Check Point is available. If not available today, is it in the committed roadmap? Thanks!

Accepted Solutions
PhoneBoy
Admin

Pretty sure we support forwarding to a SIEM, though that’s an extra cost item.
Don’t believe you can currently ingest logs from any of our Infinity Portal hosted offerings into your local management/log server.
Recommend discussing your precise requirements with your local Check Point office.


7 Replies
Sergej_Gurenko
Collaborator

It seems there is some progress towards this, at least for other products of the Harmony family making steps towards SmartCenter integration. Below is some recent news from Harmony Connect What's new sk155574

  • October 13th, 2022 SmartConsole Management for Harmony Connect is available > Enabling SmartConsole Management >  Note: Harmony Connect logs continue to be stored in the cloud.
PhoneBoy
Admin

We support connecting your on-prem management to Infinity Portal.
This is required for several offerings, including SD-WAN, XDR, SOC, and others.
In the case of Harmony Connect, it's optional and allows you to manage your access policy using your on-prem management.

dt7
Contributor

Hello @PhoneBoy, can I ask a follow-up question on this comment of yours? I have a similar question to this post but the other way around, and it relates to your reply.

For example, if I have a Harmony Endpoint on-prem setup, I see that it is possible to forward logs externally. I was wondering if I can use that to forward logs to Infinity portal directly, and have those logs compatible for use by Infinity XDR or PlayBlocks on the Infinity Portal? Or is it achieved via the Log Exporter? (https://sc1.checkpoint.com/documents/Log_Exporter/EN/Content/Topics/Introduction.htm#Introduction)

Does that integration work via direct forward and will those on-prem logs be understood by those Infinity Services? When checking the documentation on this it is not very clear to me. I did see that it is possible to forward logs to a third party SIEM as well (ex: Splunk, etc.). So alternatively, it means I need to forward my Harmony Endpoint on-prem logs to an external SIEM, that then forwards it to Infinity portal for Infinity XDR? Seems very convoluted...

https://sc1.checkpoint.com/documents/R82/SmartEndpoint_OLH/EN/Content/Topics-HEP/Logs-menu.htm?Highl...

Supported products for security events mentioned "products you are subscribed to in Infinity Portal", so it's not very clear to me:

https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/Events-Admin-Guide/Content/To...

Thank you in advance for any help on this.

Regards.

PhoneBoy
Admin

Yes, you can forward your on-prem logs to Infinity Portal to a service called Infinity Events: https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/Events-Admin-Guide/Content/To... 

However, I don't believe we require this in order to use some of the features.
We do require a connection to Infinity Portal, which is configured in SmartConsole.

image.png

When you set up the connection, you can also set up if logs and/or configuration from your local system is shared with Infinity Portal:

image.png

dt7
Contributor

Thanks @PhoneBoy, this is very helpful.

In that case, can I assume that if you connect your on-prem Harmony Endpoint Management server to Infinity (either via Infinity portal config you mentioned or log forwarding), that shared config and logs will be able to be used by other Infinity cloud services, like Infinity XDR?

Thank you.

PhoneBoy
Admin

Once you've connected your on-prem management with Infinity Portal, you can configure the individual services that will leverage this connection.
Log Forwarding is meant for SIEMs (not for importing into Infinity Portal).
