Hello. Check Point Management Server has the compliance blade. It shows the quality of the gateway config. What do you think, is it possible to implement this function in Splunk? Can we monitor all necessary parameters with Splunk?
AFAIK the Splunk Add-on for OPSEC LEA is rather old, but I would start with that!
Thank you for the answer. I think the question is not about the method of log collection. It's about the parameters which we can monitor, like configuration files.
You can monitor all OPSEC / LEA logged events, including syslog and SmartEvent. The alternative way of monitoring is done using SNMP and traps.
It's obvious. I just don't know whether it is enough for compliance reports. How can Splunk detect your access-list configuration or global properties? There are a lot of other things.
For access-list configuration (I did not encounter it on CP) or global properties you have to use another tool, not Splunk.
Splunk is a SIEM that ingests logs from various devices (including ours).
It's not really meant for monitoring device configuration.
That has to be done by more directly probing the device configuration, which I don't believe Splunk does.
There are other third-party tools that do this to varying degrees.