This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
FD
Explorer
‎2020-06-02 12:11 AM

Check Point Integration with FortiSIEM solution

Hello members,

i have Checkpoint security firewall and would like to integrate it with FortiSIEM solution i need help as it is my first time to implement.

 

thanks

0 Kudos
7 Replies
_Val_
Admin
Admin
‎2020-06-02 06:28 AM

If it takes syslog, jsut use log exporter

0 Kudos
peroskhan
Explorer
‎2024-09-17 09:42 AM
In response to _Val_

Hi,

 

can you share the settings to integrate with FortiSiem

0 Kudos
AkosBakos
MVP Silver
MVP Silver
‎2024-09-17 10:07 AM
In response to peroskhan

What do you mean under settings?

This is the original SK: https://support.checkpoint.com/results/sk/sk122323

You can  setup based on your needs. Usually we send syslog to FortiSien, and the SIEM will parse the logs. 

Have a look at in this:

https://docs.fortinet.com/document/fortisiem/7.1.4/external-systems-configuration-guide/335430/check...

You need to send syslog in CEF format according to this sample:

cp_log_export add name <Name> [domain-server {mds | all}] target-server <HostName or IP address of Target Server> target-port <Port on Target Server> protocol {udp | tcp} format {syslog | splunk | cef | leef | generic | json | logrhythm | rsa} [<Optional Arguments>]

----------------
\m/_(>_<)_\m/
0 Kudos
egas84
Participant
‎2024-09-17 10:20 AM
In response to peroskhan

Hi,

I use the following:
cp_log_export add name FortiSiem target-server x.x.x.x target-port 514 protocol udp format cef
cp_log_export restart name FortiSiem

 

Regards,

Lesley
MVP Gold
MVP Gold
‎2024-09-17 11:01 AM
In response to egas84

https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_LoggingAndMonitoring_AdminGu...

Start with above and then:

https://support.checkpoint.com/results/sk/sk122323

Better to create object in SmartConsole. Before you always had to start from CLI but that changed and made it more easy. Still can do all via CLI but via GUI is better. 

If all changes are done check with tcpdump if you see traffic being send out. tcpdump -nni any host IP port 514

-------
Please press "Accept as Solution" if my post solved it 🙂
0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2024-09-17 11:11 AM
In response to egas84

The sk given by Akos and Lesley is your best bet.

Andy

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
egas84
Participant
‎2022-09-07 05:55 AM

Hi,

Did you manage to integrate the logs in fortisiem via Log exporter? Is the parser correct? Can you share the settings you used?

 

Thanks

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events