This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Ruan_Kotze
Advisor
‎2023-01-19 12:50 AM

Harmony Endpoint (Cloud Managed) - export events to on-prem SIEM

Hi CheckMates,

As per the subject line - I've got an HE deployment managed via Infinity portal.  The end user wants to ingest the logs via their on-prem syslog server.

What I'm not clear on is how one would go about creating and assigning the certificates required for TLS encryption.

For an on-prem deployment I would just generate the certificates via the process documented in the user guide.  Unfortunately there's a requirement that the log exporter device (i.e. the hosted HE management instance) must have connectivity to the CA server.  To my mind this means that one will not be able to use self-signed certificates?

Would appreciate feedback from anyone who has done a similiar setup.

Thanks,
Ruan

0 Kudos
3 Replies
Alex-
Leader Leader
Leader
‎2023-01-19 04:55 AM

No experience yet with Harmony on Infinity, but the PEM is created with the self-signed CA key and is then imported along with the P12 in the Harmony side. The same CA Key is used to validate the target server so Harmony should be able to self-validate since it has the PEM CA. Otherwise I think the documentation would only warrant the use of public certificate providers and not the OpenSSL commands to run by yourself.

0 Kudos
Ruan_Kotze
Advisor
‎2023-01-19 06:05 AM
In response to Alex-

Thanks Alex, appreciate the feedback.  What certificate then would need to be imported on the Syslog host side?  Assuming it will not trust the self-signed certificate presented unless the CA cert is also imported there?  think I might have answered my own question:-)

0 Kudos
Alex-
Leader Leader
Leader
‎2023-01-19 06:09 AM
In response to Ruan_Kotze

It's mutual authentication, so the server side will also need the PEM which is used to sign both the client (CP) and server (syslog) certs.

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events