Forum Discussion
Checkpoint firewall - automatic log collection - recommended method?
Hi Danny Kadyshevitch, just wondering how this might play out?
From what we can see this was raised some time ago as well?
We can see that just using the Snapshot tool we can take a "Smart Tracker" formatted download from the Checkpoint Firewall and then upload it into MCAS and it has plenty of detail, and yet looking through the details here: https://docs.microsoft.com/en-us/cloud-app-security/set-up-cloud-discovery it appears that by using the AutoCollector method all we are going to see is Target and Origin IP Address only? How come there is such a disparity of the detail in the two different approaches?
It looks like we can get a Graduate to manually do this process as a daily task and then end up getting a decent amount of worthwhile data ingested into MCAS, but if we automate it then the level of detail falls off considerably - it could be that we've misunderstood this - but this doesn't seem to make sense? Is there possibly another way of semi-automating the upload of the Smart Tracker logs into MCAS for ingestion? It would not be ideal as it would keep having to reference the specific snapshot...
Regards,
Dave C
Hi David Caddick,
I recently worked with the CP team to learn about their new flow for exporting traffic data over syslog.
These will be reflected by new formats which will be supported by MCAS and that will include more details than the ones included in current supported formats.
This is something to be pushed during Q1CY20.
Thanks,
Danny.