Discover the Future of Cyber Security:
What’s New in Check Point’s Quantum R82
Pick the Best of the Best of
CheckMates 2024!
Share your Cyber Security Insights
On-Stage at CPX 2025
Simplifying Zero Trust Security
with Infinity Identity!
Zero Trust Implementation
Help us with the Short-Term Roadmap
CheckMates Go:
What's New in R82
Hi Scott_Paisley
I already resolved the problem by parsing syslog from PulseSecure VPN as below screenshot and it worked fine on my lab.
10.x.x.189 PulseSecure: - - - 2021-06-15 00:39:31 - ive - [10.x.x.189] user01(Realm-NC)[RoleNC] - VPN Tunneling: Session started for user with IPv4 address 192.168.100.20, hostname xxx-xxx"
I also copy and paste each of the attributes here for your test purpose in your lab.
Message Subject*: (PulseSecure) with ticking RegEx checkbox
Event Type: Login
Delimeter*: \s
Username Prefix: \[\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\]\s
Username: (\w+)
Address Prefix: \s
Address*: IPv4\saddress\s(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY
