This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
vinceneil666
Advisor
‎2020-09-09 04:47 AM

Sandblast Agent / Mobile, logs.

hi,

Is it really like this, or am I missing something essential here ? 

 

SandBlast Agent Cloud

Use SmartView cloud for reports/logs/views - but ONLY for SandBlast Agent.

As pr feedback from Check Point, it is not yet possible to export this to an excisting log server. (let say you have an on prem enviromet of firewalls etc.)

SandBlast Mobile Cloud

EVENTS still in Beta, and buggy as bugs can get.

As pr feedback from Check Point, it is not yet possible to export this to an excisting log server. (let say you have an on prem enviromet of firewalls etc.)

An option to "show in smartview" is show under "Events and Alerts" - we have yet to see an implementation where this work, allways show "page cannot be displayed.."-with some domain name info etc..

 

So If I have a customer, with a management server on prem, 10-15 firewalls, log servers..etc etc. He will have to pull up 3 different vies to view logs, create reports ..etc ? (one for the as is, one for agent and one for mobile)

6 Replies
PhoneBoy
Admin
Admin
‎2020-09-11 04:49 PM

My understanding is that SandBlast Mobile should have an export via syslog function, which could be imported into an existing management server.
Also SandBlast Agent Cloud can export via Log Exporter, but it has to be configured by TAC and isn't meant for a Check Point log server, but a third party SIEM.
Unifying all this is on the roadmap.

Kobie_Bendalak
Employee Alumnus
Employee Alumnus
‎2020-09-13 01:31 AM
In response to PhoneBoy

SandBlast Agent supports it already, you can configure it yourself.

Go to SandBlast Agent Management Platform > EndPoint Settings > Export Events.

Preview file
40 KB
0 Kudos
PhoneBoy
Admin
Admin
‎2020-09-13 09:19 PM
In response to Kobie_Bendalak

Ah, you learn something new every day 🙂

0 Kudos
Julian_Sanchez
Collaborator
‎2020-10-08 08:22 PM
In response to Kobie_Bendalak

Hello, 

How I can export my logs from Sandblast Agent Cloud to my Security Management on-premise? 

I have SmartEvent and I want to correlate CloudGuardSaaS, Firewalls, and SandblastAgent Cloud

Is the same with log_exporter?

 

0 Kudos
vinceneil666
Advisor
‎2020-10-09 12:14 AM
In response to Julian_Sanchez

As far as I know, unless they have updated the service recentley, you cant. Only SaaS can export - but the roadmap says it will be available after a while 🙂 

0 Kudos
Kobie_Bendalak
Employee Alumnus
Employee Alumnus
‎2020-10-14 02:09 AM
In response to vinceneil666

You can export events to your on-premise enviorment, be advised it's not a native integration.

You can export your events in the following formats: SYSLOG, CEF, LEEF, SPLUNK.

Go to SBA mgmt. platform > End Point Settings > Export Events

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events