Rajput_Arvind
Contributor

R80.10 integration with SIEM tool

Hi All,

We are upgrading our MDS from R77.30 to R80.10, and there are a few SIEM tools integrated with it.

So I just wanted to know if anything needs to be done either on Check Point or on the SIEM tools to make them compatible with R80.10. The customer doesn't want to go for Log Exporter for now.

Below are the SIEM tools integrated at the moment with R77.30:

  • Arcsight
  • Integrals
  • Loglogic
  • Tufin
  • Splunk
  • eiq-test
  • webtrends41-lea2

 

2 Solutions

Accepted Solutions
HeikoAnkenbrand
Champion

Check Point supports the Syslog exporter for SIEM applications for R80.10+ management.

It allows an easy and secure method for exporting CP logs over syslog. Exporting can be done in a few standard protocols and formats.

Log Exporter supports:

  • Splunk
  • Arcsight
  • RSA
  • LogRhythm
  • QRadar
  • McAfee

Log Exporter is a multi-threaded daemon service, running on a log server. Each log that is written on the log server is read by the log exporter daemon, transformed into the desired format and mapping, and then sent to the end target.

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips


HeikoAnkenbrand
Champion

Hi @Rajput_Arvind,

This is discussed in this article.

Read more here:

R80.10 - Syslog Exporter

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips


3 Replies
Rajput_Arvind
Contributor
In our environment, we don't have a dedicated log server. All logs are forwarded to the CMA and from there to the SIEM tool.
