This Add-on supports parsing for Checkpoint Smart-1 Cloud logs pushed via Log Exporter, whose Syslog format carries an encapsulated JSON string.
About Us:
CyberCX is Australia’s greatest force of cyber security experts. Our highly skilled professional services team operates a 24x7 on-shore security operations centre (SOC) servicing corporate and public sector organisations across Australia and New Zealand, specialising in Security Operations services leveraging Splunk.
Description:
The CCX Add-on for Checkpoint Smart-1 Cloud aims to provide a single field extraction bundle for the Checkpoint Smart-1 Cloud product.
This TA was built using a large dataset and endeavours to be the most CIM-compliant, comprehensive field extraction TA available for Checkpoint Smart-1 Cloud logs ingested via Log Exporter Syslog.
Below are some of the products supported:
- Firewall
- IPS
- Smartdefense
- Connectra
- Anti Spam (MTA)
- Endpoint Management/Compliance
- Threat Emulation
- Anti Bot
- Anti Virus
- Anti Ransomware
- Anti Malware
- Mobile
- URL Filtering
To receive a full list of Checkpoint products supported by the CCX Checkpoint TAs, refer to "SUPPORT" >> "Contact Developer".
Fully compatible with Splunk Enterprise and Splunk Cloud, built by an Ops team for Ops teams.
Features:
- This TA currently supports log types tagged under the following CIM data models: Network Traffic, Network Sessions, Web, Authentication, Change, Malware, Endpoint, Intrusion Detection (IDS), Alerts, Email.
Created By
Henrique Linsmeyer