Collaborator

Compliance blade on Splunk?

Hello. Check Point Management Server has the compliance blade. It shows the quality of gateway config. What do you think, is it possible to make this function on Splunk? Can we monitor all necessary parameters with Splunk?

Champion

AFAIK the Splunk Add-on for OPSEC LEA is rather old, but I would start with that!

Collaborator

Thank you for the answer. I think the question is not about the method of log collection. It's about the parameters which we can monitor, like configuration files.

Champion

You can monitor all OPSEC / LEA logged events, including syslog and SmartEvent. The alternative way of monitoring is done using SNMP and traps.

Collaborator

That's obvious. I just don't know whether it is enough for compliance reports. How can Splunk detect your access-list configuration or global properties? There are a lot of other things.

Champion

For access-list configuration (I did not encounter it on CP) or global properties you have to use another tool, not Splunk.

Admin

Splunk is a SIEM that ingests logs from various devices (including ours).

It's not really meant for monitoring device configuration.

That has to be done by more directly probing the device configuration, which I don't believe Splunk does.

There are other third-party tools that do this to varying degrees.