SIEM


Checkpoint OPSEC LEA Integration

  • 1.  Checkpoint OPSEC LEA Integration

    Posted May 22, 2020 05:22 AM
    Hi,

    We have been trying to integrate Checkpoint Firewall logs from Smart Console via the OPSEC API. We successfully pulled the certificate with the "opsec_pull_cert" CLI tool, but we have an issue when trying to pull the certificate from the FortiSIEM GUI.

    FortiSIEM 5.3.0
    Checkpoint R80.10

    Has anyone come across this issue before?

    Regards,
    Isuru


  • 2.  RE: Checkpoint OPSEC LEA Integration

    GROUP ADMIN
    Posted May 28, 2020 04:57 AM
    Hi Isuru,

    CheckPoint can be interesting to integrate with due to certificates, certificate hashing and CheckPoint architecture. 

    Simple things to check:

    Make sure connectivity is available to CP from FSM Super or Collectors.
    Are you using SmartCenter, or is it CLM, MLM, CLA?
    Check what version of CheckPoint is running.


    Probably a more straightforward way to integrate is to forward events from CP in Syslog CEF format; this is supported by FortiSIEM, and CheckPoint supports this now.


  • 3.  RE: Checkpoint OPSEC LEA Integration

    Posted May 28, 2020 08:25 PM
    Hi Daniel,

    Thanks for the update. There's no connectivity issue. We are using "Checkpoint SmartConsole" for "R80.10" Firewalls.

    I will look into syslog as well.

    Regards,
    Isuru


  • 4.  RE: Checkpoint OPSEC LEA Integration

    Posted Jun 01, 2020 08:45 PM
    Hi Daniel,

    Regarding the Syslog forwarding: were you referring to this kind of scenario (https://qostechnology.in/blog/syslog-integration-with-checkpoint/) or the 'Checkpoint log exporter'?

    Regards,
    Isuru


  • 5.  RE: Checkpoint OPSEC LEA Integration

    GROUP ADMIN
    Posted Jun 18, 2020 02:34 AM
    Try this: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk122323


  • 6.  RE: Checkpoint OPSEC LEA Integration

    Posted Jun 18, 2020 08:42 PM
    Hi Dan,

    Thanks, I will look into this.

    Regards,
    Isuru