Ho all,
We are using opsec lea to send logs to our SIEM and it is working fine, but we are missing some valuable information in the logs sent this way. For example we don't have the log information for the reason of a block, or the rule that trigger the log. Those logs are visible on the checkpoint interface but apparently opsec lea do not forward them.
Anybody knows if we can forward those information as well ?
I know that we should now use the log exporter instead of opsec lea, but our siem do not support it yet..
Thanks !