We are currently in advanced stages of developing a Log Exporter update that will add CIM support.
This will give us better Splunk integration for CIM oriented apps and dashboards (e.g. Splunk Enterprise Security).
We are currently looking for customers who wish to test this new feature (in either their lab or production) and share their feedback with us.
I would also really appreciate it if you could include the following details in your email:
- What version of Check Point do you use, and what version of Splunk server?
- Is your Splunk environment installed as a single instance or as a distributed environment?
- Have you already tested previous releases of the Log Exporter, or is this your first use of the add-on?
The new update will also enable the Log Exporter to work in a semi-unified mode.
For those who are unfamiliar with this setting, it means that update logs are merged with their original log before they are exported. This makes the information in the exported update complete and makes the update itself more readable (in raw mode you had to manually search for the original log to make sense of the update).
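To make the difference between raw and semi-unified export concrete, here is an added example (not Check Point's Log Exporter code, and not its real record format). It uses a constructed list of records in which each update refers back to its original log by a `loguid` field and a `log_type` of `log` or `update`; both names are assumptions for this illustration. The `semi_unify` function folds each update's fields into the original record the way the text describes, and keeps updates whose original is outside the export window separate so nothing is silently dropped.

```python
"""Raw vs. semi-unified export, illustrated with constructed records.

The record layout ('loguid' as the correlation id, 'log_type' of 'log'
or 'update', plus free-form fields) is an assumption made for this
example and is not the actual Log Exporter format.
"""
from collections import OrderedDict

# Constructed sample of a raw-mode export: two original connection logs
# followed by updates that reference them by loguid.
RAW_EXPORT = [
    {"loguid": "{0x1}", "log_type": "log", "time": "10:00:00",
     "src": "10.0.0.5", "dst": "203.0.113.7", "action": "accept"},
    {"loguid": "{0x2}", "log_type": "log", "time": "10:00:01",
     "src": "10.0.0.9", "dst": "198.51.100.3", "action": "drop"},
    # Update: adds byte count and duration to the first connection.
    {"loguid": "{0x1}", "log_type": "update", "time": "10:05:00",
     "bytes": "4096", "duration": "300"},
    # Later update: the same connection was subsequently prevented.
    {"loguid": "{0x1}", "log_type": "update", "time": "10:06:00",
     "action": "prevent", "bytes": "8192"},
    # Update whose original log is not present in this export window.
    {"loguid": "{0x9}", "log_type": "update", "time": "10:07:00",
     "bytes": "12"},
]

# Fields that identify or timestamp a record and must not overwrite
# the original's own values when an update is merged in.
CONTROL_FIELDS = ("loguid", "log_type", "time")


def semi_unify(records):
    """Merge every update into its original log (semi-unified mode).

    Returns (unified, orphans): 'unified' holds one record per original
    log with all updates applied in export order, plus an 'updates'
    counter and 'last_update_time'; 'orphans' holds updates whose
    original log was not in the input, so they can be flagged rather
    than lost.
    """
    originals = OrderedDict()
    orphans = []
    # First pass: index the original logs, so an update that happens
    # to precede its original in the stream is still merged.
    for rec in records:
        if rec["log_type"] == "log":
            merged = dict(rec)
            merged["updates"] = 0
            originals[rec["loguid"]] = merged
    # Second pass: apply updates on top of their originals.
    for rec in records:
        if rec["log_type"] != "update":
            continue
        base = originals.get(rec["loguid"])
        if base is None:
            orphans.append(rec)
            continue
        for key, value in rec.items():
            if key not in CONTROL_FIELDS:
                base[key] = value  # newer update wins on conflict
        base["last_update_time"] = rec["time"]
        base["updates"] += 1
    return list(originals.values()), orphans


if __name__ == "__main__":
    unified, orphans = semi_unify(RAW_EXPORT)
    print("semi-unified records:")
    for rec in unified:
        print("  ", rec)
    print("orphan updates (original not in window):")
    for rec in orphans:
        print("  ", rec)
```

In raw mode a consumer sees five records and has to search for `{0x1}` to learn that the accepted connection ended up as `prevent` with 8192 bytes; after `semi_unify` that is visible on the single record for `{0x1}`, while the orphan update for `{0x9}` is reported separately instead of being merged into nothing.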