This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
dehaasm
Collaborator
‎2023-01-26 05:33 AM
Jump to solution

Cloudguard Azure Smartevents

We have a VMSS cluster deployed in Azure with SMS, now we are looking to deploy a seperate Smartevents server in Azure.

What would be the best way to implement the Smartevent solution in Azure and integrate it into the current CME/SMS configuration? Is there a Azure template available and some documentation?

Labels
0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2023-01-29 09:41 PM
Jump to solution

There isn't a template for management configuration, generally speaking.
You would spin up a new management instance with just SmartEvent installed.
Or, you can also add SmartEvent to your existing management VM, though you might want to spin up a larger instance if you go that route.

View solution in original post

11 Replies
PhoneBoy
Admin
Admin
‎2023-01-29 09:41 PM
Jump to solution

There isn't a template for management configuration, generally speaking.
You would spin up a new management instance with just SmartEvent installed.
Or, you can also add SmartEvent to your existing management VM, though you might want to spin up a larger instance if you go that route.

dehaasm
Collaborator
‎2023-03-08 02:30 AM
In response to PhoneBoy
Jump to solution

we decided to enable smartevent on the SMS, so we can simply enable the blade Smartevent server on the SMS in Azure?

0 Kudos
PhoneBoy
Admin
Admin
‎2023-03-08 08:17 AM
In response to dehaasm
Jump to solution

Assuming you have a license for it, yes.

0 Kudos
Bryan-Smith
Employee
Employee
‎2023-01-31 09:52 AM
Jump to solution

@dehaasm  as @PhoneBoy mentioned there is no specific template for an Azure SmartEvent server. I would definitely recommend spinning up a separate SmartEvent server using premium SSD for the IOPS.

In Azure you can select the Check Point Security Management template then chose to configure manually. (See screenshot below) At this point you would follow the traditional setup instructions with the first time wizard (FTW).

azure-mp-option.png

 

It's worth noting that MDS has an installation type that is specific to the log server setup. (mds-logserver)

 

0 Kudos
dehaasm
Collaborator
‎2023-02-01 02:05 AM
In response to Bryan-Smith
Jump to solution

Hi Bryan,

Thanks for sharing your knowledge. At the moment we have management server+smartevents license on single SMS IP, would it be possible to transfer the Smartevent license/component to the dedicated smartevents server with the new IP address?

Bryan-Smith
Employee
Employee
‎2023-02-01 12:03 PM
In response to dehaasm
Jump to solution

@dehaasm that is a good question. I would double check with your account team to make sure you are licensed to run a dedicated SmartEvent server. I believe you need to have a dedicated SmartEvent server license to split it out.

0 Kudos
dehaasm
Collaborator
‎2023-03-15 04:06 AM
In response to Bryan-Smith
Jump to solution

Hi Bryan,

We want to install Smartevent server on the same SMS what would you recommend for the system requriements, we currently have 4 CPU / 16GB mem and the there are about 150 log events per second.

0 Kudos
PhoneBoy
Admin
Admin
‎2023-03-15 05:48 AM
In response to dehaasm
Jump to solution

That is the configuration I use for my lab installation of SMS+SmartEvent, which I consider a bare minimum installation.
It should suffice as a starting point, but doesn't give you a ton of headroom.

0 Kudos
dehaasm
Collaborator
‎2023-03-15 05:55 AM
In response to PhoneBoy
Jump to solution

should we go for 8CPU with 32GB RAM doubling it?

0 Kudos
PhoneBoy
Admin
Admin
‎2023-03-15 05:59 AM
In response to dehaasm
Jump to solution

If it were me, I would.

0 Kudos
Bryan-Smith
Employee
Employee
‎2023-03-16 08:21 AM
In response to dehaasm
Jump to solution

@dehaasm 8 vCPU / 32GB RAM is a great starting point to run the correlation unit. 

High Level Overview of Event Identification (checkpoint.com)

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
UPCOMING CLOUDMATES EVENTS
    All CloudMates Events