Dan Zada

*New* Splunk App for Check Point Logs

Discussion created by Dan Zada Employee on Nov 13, 2018
Latest reply on Dec 4, 2018 by c9a127e7-d053-377a-9dcd-8cacd5bbe620

Hello all,


I’m happy to announce a new Splunk app for Check Point logs.

Check Point brings you an advanced, real-time threat analysis and reporting tool for Splunk. The Check Point App for Splunk allows you to respond to security risks immediately and gain true insight into your network.

You can collect and analyze millions of logs from all Check Point technologies and platforms across networks, cloud, endpoints and mobile.

Key features are:

  • Infinity Dashboards
    • General overview
    • Top attacks
    • Detected and prevented events
    • Events timeline
    • Blades statistics
  • Cyber Attack View – a unique ability to aggregate Check Point events per attack vector (across all blades)
    • Reconnaissance actions against the network
    • Delivery methods
    • Malicious emails
    • Malicious file download
    • Server Exploit
    • Infected hosts
  • SandBlast Events – predefined aggregation for mail and web attack vectors
  • CIM Support – Check Point logs are mapped into CIM (Common Information Model) and can be analyzed using standard dashboards (such as Splunk Enterprise Security)
    More information on CIM can be found here: https://docs.splunk.com/Documentation/CIM/4.12.0/User/Overview
  • Fast Deploy – an easy and fast deployment using the new Log Exporter

The app can be downloaded from Splunkbase: Check Point App for Splunk | Splunkbase

For any questions, comments or suggestions, please contact cp_splunk_app_support@checkpoint.com.

Thank you!

Dan Zada, Group Manager.