This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Evgeniy_Olkov
Collaborator
Collaborator
‎2018-11-20 01:31 AM

Compliance blade on Splunk?

Hello. Check Point Management Server has the compliance blade. It shows the quality of gateway config. How do you think, is it possible to make this function on Splunk? Can we monitor all necessary parameters with splunk?

Labels
0 Kudos
6 Replies
G_W_Albrecht
Legend
Legend
‎2018-11-20 03:06 AM

Afaik the Splunk Add-on for OPSEC LEA is rather old, but i would start with that !

CCSE CCTE CCSM SMB Specialist
0 Kudos
Evgeniy_Olkov
Collaborator
Collaborator
‎2018-11-20 03:28 AM
In response to G_W_Albrecht

Thank you for the answer. I think the question is not about method of log collection. It's about the parameters which we can monitor, like configuration files.

0 Kudos
G_W_Albrecht
Legend
Legend
‎2018-11-20 03:34 AM
In response to Evgeniy_Olkov

You can monitor all OPSEC / LEA logged events, including syslog and SmartEvent. The alternative way of monitoring is done using SNMP and traps.

CCSE CCTE CCSM SMB Specialist
0 Kudos
Evgeniy_Olkov
Collaborator
Collaborator
‎2018-11-20 03:48 AM
In response to G_W_Albrecht

It's obviously. I just don't know is it enough for compliance reports. How Splunk can detect your access-lists configuration or global properties? There are a lot of other things. 

0 Kudos
G_W_Albrecht
Legend
Legend
‎2018-11-20 03:51 AM
In response to Evgeniy_Olkov

For access-lists configuration (i did not encounter on CP) or global properties you have to use another tool, not Splunk.

CCSE CCTE CCSM SMB Specialist
0 Kudos
PhoneBoy
Admin
Admin
‎2018-11-20 09:53 AM

Splunk is a SIEM that ingests logs from various devices (including ours).

It's not really meant for monitoring device configuration.

That has to be done by more directly probing the device configuration, which I don't believe Splunk does.

There are other third party tools that do this to varying degrees.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events