I’m happy to announce a new Splunk app for Check Point logs.
Check Point brings you an advanced, real-time threat analysis and reporting tool for Splunk. The Check Point App for Splunk lets you respond to security risks immediately and gain true insight into your network.
You can collect and analyze millions of logs from all Check Point technologies and platforms across network, cloud, endpoint and mobile.
Key features are:
- Infinity Dashboards
  - General overview
  - Top attacks
  - Detected and prevented events
  - Events timeline
  - Blades statistics
- Cyber Attack View – a unique ability to aggregate Check Point events per attack vector (across all blades)
  - Reconnaissance actions against the network
  - Delivery methods
  - Malicious emails
  - Malicious file download
  - Server exploit
  - Infected hosts
- SandBlast Events – predefined aggregation for mail and web attack vectors
- CIM Support – Check Point logs are mapped to the Splunk CIM (Common Information Model), so they can be analyzed with standard CIM-based dashboards and apps such as Splunk Enterprise Security
More information on CIM can be found here: https://docs.splunk.com/Documentation/CIM/4.12.0/User/Overview
- Fast Deploy – quick and easy deployment using the new Log Exporter
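To make the CIM point concrete, here is an added illustration (not the app's own mapping, and not Check Point code) of what normalizing Check Point-style key=value events into CIM field names looks like, together with the detected-vs-prevented split, top-attacks ranking and per-blade counts that the dashboards above report. The sample lines are constructed for this example; the pipe-separated framing and the Check Point field names used (action, src, dst, s_port, service, proto, product, protection_name, severity) are assumptions about the log schema, and the verb-to-CIM action table is a plausible choice rather than the app's published one.

```python
"""Illustrative CIM normalization of Check Point-style key=value logs.

Added example, not the Check Point App for Splunk's own mapping. The
Check Point field names and the pipe-separated framing are assumptions;
the sample records below are constructed.
"""
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sample records (assumption: real Log Exporter output adds
# syslog framing or uses JSON; the key=value payload is what matters here).
SAMPLE_LOGS = [
    "time=1527170000|product=Firewall|action=Drop|src=10.1.1.5|dst=203.0.113.9|s_port=51234|service=445|proto=6",
    "time=1527170001|product=Firewall|action=Accept|src=10.1.1.7|dst=192.0.2.20|s_port=49152|service=443|proto=6",
    "time=1527170002|product=IPS|action=Prevent|src=198.51.100.4|dst=10.1.1.10|s_port=40000|service=80|proto=6|protection_name=HTTP Header Overflow|severity=High",
    "time=1527170003|product=Anti Bot|action=Detect|src=10.1.1.12|dst=198.51.100.77|s_port=50001|service=53|proto=17|protection_name=Botnet C&C|severity=Critical",
    "time=1527170004|product=Threat Emulation|action=Prevent|src=10.1.1.15|dst=192.0.2.33|s_port=50002|service=25|proto=6|protection_name=Malicious file|severity=High",
    "time=1527170005|product=Firewall|action=Reject|src=10.1.1.5|dst=203.0.113.9|s_port=51235|service=3389|proto=6",
]

# Check Point key -> CIM field (Network Traffic / Intrusion Detection models).
CIM_RENAMES = {
    "src": "src", "dst": "dest", "s_port": "src_port", "service": "dest_port",
    "protection_name": "signature", "severity": "severity", "product": "vendor_product",
}

# CIM uses a small controlled vocabulary for action. "Detect" means the
# traffic was seen but not stopped, so it normalizes to "allowed" (assumption).
CIM_ACTION = {"accept": "allowed", "drop": "blocked", "reject": "blocked",
              "prevent": "blocked", "detect": "allowed"}

PROTO_NAMES = {"6": "tcp", "17": "udp", "1": "icmp"}


def parse_kv(line: str) -> Dict[str, str]:
    """Split a pipe-separated key=value record; split on the first '=' only."""
    fields: Dict[str, str] = {}
    for part in line.split("|"):
        if "=" not in part:
            continue
        key, value = part.split("=", 1)
        fields[key.strip()] = value.strip()
    return fields


def to_cim(raw: Dict[str, str]) -> Dict[str, str]:
    """Rename Check Point keys to CIM names; unmapped keys are kept verbatim."""
    event = {CIM_RENAMES.get(k, k): v for k, v in raw.items()}
    # Keep the vendor verb so Detect vs Prevent survives CIM's allowed/blocked.
    event["vendor_action"] = raw.get("action", "")
    event["action"] = CIM_ACTION.get(raw.get("action", "").lower(), "unknown")
    if "proto" in raw:
        event["transport"] = PROTO_NAMES.get(raw["proto"], raw["proto"])
    if "vendor_product" in event:
        event["vendor_product"] = "Check Point " + event["vendor_product"]
    return event


def normalize_all(lines: List[str]) -> List[Dict[str, str]]:
    return [to_cim(parse_kv(line)) for line in lines]


def detected_vs_prevented(events: List[Dict[str, str]]) -> Dict[str, int]:
    """Count threat events (those carrying a signature) by outcome."""
    counts: Counter = Counter()
    for ev in events:
        if "signature" not in ev:
            continue  # plain firewall traffic, not a threat-prevention event
        counts["prevented" if ev["action"] == "blocked" else "detected"] += 1
    return dict(counts)


def top_attacks(events: List[Dict[str, str]], n: int = 3) -> List[Tuple[str, int]]:
    """Rank signatures by frequency, like a 'Top attacks' panel."""
    return Counter(ev["signature"] for ev in events if "signature" in ev).most_common(n)


def events_per_blade(events: List[Dict[str, str]]) -> Dict[str, int]:
    """Per-blade statistics: events produced by each product."""
    return dict(Counter(ev.get("vendor_product", "unknown") for ev in events))


if __name__ == "__main__":
    evs = normalize_all(SAMPLE_LOGS)
    for ev in evs:
        print(ev["vendor_product"], ev["action"], ev["src"], "->", ev["dest"],
              ev.get("dest_port"), ev.get("transport"))
    print("detected/prevented:", detected_vs_prevented(evs))
    print("top attacks:", top_attacks(evs))
    print("per blade:", events_per_blade(evs))
```

The point worth taking from this is the `vendor_action` field: once `Drop`, `Reject` and `Prevent` all collapse to the CIM value `blocked`, a dashboard that only reads `action` can no longer tell a firewall drop from a Threat Prevention block, so keeping the vendor's original verb beside the normalized one is what makes both the CIM-generic views and the blade-specific ones possible from the same events.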
The app can be downloaded from Splunkbase: Check Point App for Splunk | Splunkbase
- User Guide – https://sc1.checkpoint.com/documents/App_for_Splunk/html_frameset.htm
- SK about the Log Exporter – http://supportcontent.checkpoint.com/solutions?id=sk122323
For any questions, comments or suggestions, please contact firstname.lastname@example.org.
Dan Zada, Group Manager.