- Products
- Learn
- Local User Groups
- Partners
-
More
Join Us for CPX 360
23-24 February 2021
Important certificate update to CloudGuard Controller, CME,
and Azure HA Security Gateways
How to Remediate Endpoint & VPN
Issues (in versions E81.10 or earlier)
IDC Spotlight -
Uplevel The SOC
Important! R80 and R80.10
End Of Support around the corner (May 2021)
Sorry if I missed the answer to this question in documentation or forums...I promised I've tried to find the answer.
In the URL Filtering and/or Application Control blades is there a way to add the "HTTP method" (eg POST, GET, PROPS, OPTIONS) to the log and more specifically to the log that can be ingested by a 3rd party SIEM?
Thanks for any guidance!
You must log the traffic with Extended Logging to get that information.
You will find it in the Session tab of the Log card:
I presume if we log it, it will also be sent to a SIEM as well, particularly if you're using Log Exporter.
See Log Exporter guide for more details.
Thanks Dameon Welch Abernathy. I changed the log type to this in the URL/Application control blade, but I am still not seeing this value in the URL filtering log I am getting.
Does this only work on the Application Control blade? Was it added in a recent version? Is there a way to tweak what is logged in "Extended Logging" ?
You must have App Control/URL Filtering enabled for this to work, both on the gateway and, R80+, the relevant layer.
What is logged by Extended Logging is determined by what blades are active on the relevant gateway and layer.
Thanks! I think R80 is my current stumbling block. We are migrating to R80.10 gateways in the next few weeks...so I'll be able to verify then. Thanks!!!!!
This should also work in R77.30 as well, though it's in the App Control layer you use Extended Logging.
About CheckMates
Learn Check Point
Advanced Learning
WELCOME TO THE FUTURE OF CYBER SECURITY