Hi Everyone,

I have a Smart-1 5150 device that manage 90 checkpoint gateway. I want to integrated it with LogRhythm SIEM.

I was create a host object for LogRhythm SIEM with it IP.

I was create a OPSEC Application for it and also pull certificates from Check Point Smart-1 devices.

Now i need to provide the information below on LogRhythm SIEM :

• opsec_sic_name "OPSEC_APP_SIC_DN"
• lea_server ip IP_ADDRESS
• lea_server auth_port 18184
• lea_server auth_type sslca
• lea_server opsec_entity_sic_name "LOG_SERVER_DN"
• opsec_sslca_file "C:\checkpoint_config\opsec.p12"

"OPSEC_APP_SIC_DN" is the DN name in OPSEC Application which is "CN=LogRhythm-XM,O=CP-Smart1..ksmkv" in my picture. Is this corect ?

"lea_server auth_type" is sslca. Is this only 1 type is sslca or any orther type ?
"LOG_SERVER_DN" i not sure where to collect this infor ? i going to the web portal of Smart-1 device and see the DN in Certificate Authority tab as below :

is this the right DN for "LOG_SERVER_DN". Since Smart-1 devices í manage all orther firewall, the "LOG_SERVER_DN" is the DN of Smart01 device, right ?

Cause after configure, i still can't receive any log on LogRhythm SIEM about Check Point OPSEC. Please help me solve this issue. Thanks!