Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Evgeniy_Olkov
Collaborator
Collaborator

Compliance blade on Splunk?

Hello. Check Point Management Server has the compliance blade. It shows the quality of gateway config. How do you think, is it possible to make this function on Splunk? Can we monitor all necessary parameters with splunk?

0 Kudos
6 Replies
G_W_Albrecht
Legend Legend
Legend

Afaik the Splunk Add-on for OPSEC LEA is rather old, but i would start with that !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Evgeniy_Olkov
Collaborator
Collaborator

Thank you for the answer. I think the question is not about method of log collection. It's about the parameters which we can monitor, like configuration files.

0 Kudos
G_W_Albrecht
Legend Legend
Legend

You can monitor all OPSEC / LEA logged events, including syslog and SmartEvent. The alternative way of monitoring is done using SNMP and traps.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Evgeniy_Olkov
Collaborator
Collaborator

It's obviously. I just don't know is it enough for compliance reports. How Splunk can detect your access-lists configuration or global properties? There are a lot of other things. 

0 Kudos
G_W_Albrecht
Legend Legend
Legend

For access-lists configuration (i did not encounter on CP) or global properties you have to use another tool, not Splunk.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
PhoneBoy
Admin
Admin

Splunk is a SIEM that ingests logs from various devices (including ours).

It's not really meant for monitoring device configuration.

That has to be done by more directly probing the device configuration, which I don't believe Splunk does.

There are other third party tools that do this to varying degrees.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events