Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
FD
Explorer

Check Point Integration with FortiSIEM solution

Hello members,

i have Checkpoint security firewall and would like to integrate it with FortiSIEM solution i need help as it is my first time to implement.

 

thanks

0 Kudos
7 Replies
_Val_
Admin
Admin

If it takes syslog, jsut use log exporter

0 Kudos
peroskhan
Explorer

Hi,

 

can you share the settings to integrate with FortiSiem

0 Kudos
AkosBakos
Leader Leader
Leader

What do you mean under settings?

This is the original SK: https://support.checkpoint.com/results/sk/sk122323

You can  setup based on your needs. Usually we send syslog to FortiSien, and the SIEM will parse the logs. 

Have a look at in this:

https://docs.fortinet.com/document/fortisiem/7.1.4/external-systems-configuration-guide/335430/check...

You need to send syslog in CEF format according to this sample:

cp_log_export add name <Name> [domain-server {mds | all}] target-server <HostName or IP address of Target Server> target-port <Port on Target Server> protocol {udp | tcp} format {syslog | splunk | cef | leef | generic | json | logrhythm | rsa} [<Optional Arguments>]

----------------
\m/_(>_<)_\m/
0 Kudos
egas84
Participant

Hi,

I use the following:
cp_log_export add name FortiSiem target-server x.x.x.x target-port 514 protocol udp format cef
cp_log_export restart name FortiSiem

 

Regards,

Lesley
Leader Leader
Leader

https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_LoggingAndMonitoring_AdminGu...

Start with above and then:

https://support.checkpoint.com/results/sk/sk122323

Better to create object in SmartConsole. Before you always had to start from CLI but that changed and made it more easy. Still can do all via CLI but via GUI is better. 

If all changes are done check with tcpdump if you see traffic being send out. tcpdump -nni any host IP port 514

-------
If you like this post please give a thumbs up(kudo)! 🙂
0 Kudos
the_rock
Legend
Legend

The sk given by Akos and Lesley is your best bet.

Andy

0 Kudos
egas84
Participant

Hi,

Did you manage to integrate the logs in fortisiem via Log exporter? Is the parser correct? Can you share the settings you used?

 

Thanks

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events