This functionality forwards all Check Point SandBlast Mobile security and system alerts, as they are generated and presented in the dashboard, to any standard Syslog server in Syslog format. The Syslog messages include all data available in the dashboard "Events & Alerts" tab. In addition, Check Point's R&D added a specific integration with ArcSight, with support for the ArcSight Common Event Format (CEF).
The data that can be sent to a SIEM includes the following fields:
Event Server Timestamp
DeviceAlert Event
EventType
Signature
RiskLevel
DeviceOwner
DeviceNumber
DeviceType
DeviceID
Event ID
Event Client Timestamp
SBM Dashboard URL
DeviceEmail
DeviceOSLevel
DeviceModel
DeviceRiskLevel
SBM Client Version
Device Location
Device MDM ID
APP Threat summary
APP SHA256
App version
App repackaged
NetworkCertificate
NetworkCaptive
Devicerooted
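Added example, not Check Point code: a small Python parser for a CEF-formatted syslog line, of the kind a SIEM receiver would apply to this feed before alerting on fields such as RiskLevel or Devicerooted. The header layout and escaping follow the ArcSight CEF format; the sample line, its extension key spellings (borrowed from the field list above) and all values are constructed assumptions, because the page does not show the wire format.

```python
import re

# The seven pipe-delimited header fields of the ArcSight CEF format, in order.
HEADER = ("version", "device_vendor", "device_product", "device_version",
          "signature_id", "name", "severity")
# An extension key is a bare token at the start or after whitespace, then "=".
KEY = re.compile(r"(?:^|\s)([\w.]+)=")

def unescape(text):
    # CEF escapes: \\ -> \, \| -> |, \= -> =, \n and \r -> line breaks.
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), text)

def split_header(body):
    # Split on the first seven unescaped pipes; whatever follows is the extension.
    parts, start, i = [], 0, 0
    while i < len(body) and len(parts) < len(HEADER):
        if body[i] == "\\":
            i += 1          # skip the escaped character that follows
        elif body[i] == "|":
            parts.append(unescape(body[start:i]))
            start = i + 1
        i += 1
    if len(parts) < len(HEADER):
        raise ValueError("truncated CEF header")
    return parts, body[start:]

def parse_cef(line):
    # Tolerate a syslog prefix (priority, timestamp, host) before the CEF payload.
    pos = line.find("CEF:")
    if pos < 0:
        raise ValueError("no CEF payload in line")
    parts, ext = split_header(line[pos + 4:])
    event = dict(zip(HEADER, parts))
    keys = list(KEY.finditer(ext))
    fields = {}
    for m, nxt in zip(keys, keys[1:] + [None]):
        end = nxt.start() if nxt else len(ext)   # value runs up to the next key
        fields[m.group(1)] = unescape(ext[m.end():end].strip())
    event["extension"] = fields
    return event

# Constructed sample line; key spellings and all values are assumptions.
SAMPLE = (r"<134>Jan 10 12:00:00 siem-relay CEF:0|Check Point|SandBlast Mobile|1.0|"
          r"100|Suspicious app \| sideloaded|8|EventType=Application RiskLevel=High "
          r"DeviceOwner=Jane Doe DeviceType=Android Devicerooted=false "
          r"Signature=cert pin\=mismatch")

if __name__ == "__main__":
    print(parse_cef(SAMPLE))
```

Values containing spaces (DeviceOwner) and escaped delimiters (the `\|` in the header, the `\=` in Signature) are the cases that break naive `split("|")` or `split(" ")` parsing of this feed.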
For more information, please contact Check Point's Local Security Engineer or the regional Mobile Security expert.