R80.10 integration with SIEM tool

Hi All,

We are upgrading our MDS from R77.30 to R80.10, and there are a few SIEM tools integrated with it.

So I just wanted to know if anything needs to be done either on Checkpoint or SIEM tool to make it compatible with R80.10. Customer doesn't want to go for Log-Exporter for now.

Below are the SIEM tools integrated at the moment with R77.30:

  • Arcsight
  • Integrals
  • Loglogic
  • Tufin
  • Splunk
  • eiq-test
  • webtrends41-lea2

 

2 Solutions

Accepted Solutions

Re: R80.10 integration with SIEM tool

Check Point supports the Syslog exporter for SIEM applications for R80.10+ management, which allows an easy and secure method for exporting CP logs over syslog. Exporting can be done in a few standard protocols and formats.

Log Exporter supports:

  • Splunk
  • Arcsight
  • RSA
  • LogRhythm
  • QRadar
  • McAfee

Log Exporter is a multi-threaded daemon service, running on a log server. Each log that is written on the log server is read by the log exporter daemon, transformed into the desired format and mapping, and then sent to the end target.

Re: R80.10 integration with SIEM tool

Hi @Rajput_Arvind,

This is discussed in this article.

Read more here:

R80.10 - Syslog Exporter

Re: R80.10 integration with SIEM tool

In our environment, we don't have a dedicated log server. All logs are forwarded to the CMA and from there to the SIEM tool.