Hi there,
I am configuring the importing of custom threat intelligence feeds into the R80.40 checkpoint security gateway.
I am trying to configure exporting of specific events to a external syslog server.
If an IOC from from custom threat intelligence feed is seen, I would like the associated event/log sent for this indicator sent to an external syslog server/collector.
I understand it is possible to send filtered logs to an external syslog server, however I am unsure of the ids/identifiers for the custom threat intelligence feed logs to filter on.
Does anyone know how to do this?
Cheers,
