Forum Discussion

Max Boella's avatar
Max Boella
Copper Contributor
Jan 07, 2019

Checkpoint firewall - automatic log collection - recommended method ?

Hi - is there a recommended/supported method to achieve automatic Checkpoint firewall log collection ?   On the Checkpoint side it seems there are 2 main log export mechanisms. 1. CPLOGTOSYSLOG to...
Cloud App Security
Cloud Discovery
David Caddick's avatar
David Caddick
Iron Contributor
Nov 25, 2019

Thanks Danny Kadyshevitch, but as we are working with some Govt. Customers that are still on R80.10 and R80.20, etc... I'm not sure how relevant that might be to some of our Customers?

While we have a possible opportunity to create a Customer case study with MS cause this customer is running with Office ATP, Azure ATP, Defender ATP, AAD ID P2, Azure MFA, Azure Sentinel - and yet for MCAS it looks like there is very little rationale to go to the effort of adding the Automated Collector for a CheckPoint Firewall if all it's going to be able to do is add Target/Origin IP address...

 

Sorry, just telling it like it is, and it's a real shame... Is there no other way of getting the Tracker info ingested somehow?

Danny Kadyshevitch's avatar
Danny Kadyshevitch
Former Employee
Nov 25, 2019

Hi David Caddick,

 

I think I was misunderstood -

The same data that is supported on the manual approach is also the one supported on the automated approach. If you're saying that it worked for you with the manual option, you should just go ahead and upload data automatically, there's no difference in that case in the data being extracted.

 

Yet, for my knowledge - "Smart Tracker" doesn't include traffic volumes such as upload and downloaded bytes, and that the delta is the username which is included in the "Smart Tracker" logs.

 

Hope it makes more sense now.

 

Thanks,

Danny.