https://community.splunk.com/t5/Security/How-can-I-use-Splunk-to-retrieve-my-CheckPoint-Firewall-Rules/m-p/141666#M4338 <P>You will need a Heavy Forwarder with the Splunk Add-on For OPSEC LEA: <A href="http://docs.splunk.com/Documentation/OPSEC-LEA">http://docs.splunk.com/Documentation/OPSEC-LEA</A>. It really all depends on how your CheckPoint Environment is setup. The Add-On use LEA-Logger to pull the logs via a rest call in to a Heavy Forwarder were they are unpackaged, transformed and sent to an indexer.</P> <P>You have to use a Heavy Forwarder so you can configure it over the GUI. Once it's configured you're good to go. </P> Thu, 04 Jun 2015 14:19:17 GMT mgonter_splunk 2015-06-04T14:19:17Z https://community.splunk.com/t5/Security/How-can-I-use-Splunk-to-retrieve-my-CheckPoint-Firewall-Rules/m-p/141665#M4337 <P>How can I use Splunk to retrieve my CheckPoint Firewall Rules</P> Mon, 14 Jul 2014 22:37:07 GMT https://community.splunk.com/t5/Security/How-can-I-use-Splunk-to-retrieve-my-CheckPoint-Firewall-Rules/m-p/141665#M4337 JeanC 2014-07-14T22:37:07Z https://community.splunk.com/t5/Security/How-can-I-use-Splunk-to-retrieve-my-CheckPoint-Firewall-Rules/m-p/141666#M4338 <P>You will need a Heavy Forwarder with the Splunk Add-on For OPSEC LEA: <A href="http://docs.splunk.com/Documentation/OPSEC-LEA">http://docs.splunk.com/Documentation/OPSEC-LEA</A>. It really all depends on how your CheckPoint Environment is setup. The Add-On use LEA-Logger to pull the logs via a rest call in to a Heavy Forwarder were they are unpackaged, transformed and sent to an indexer.</P> <P>You have to use a Heavy Forwarder so you can configure it over the GUI. Once it's configured you're good to go. </P> Thu, 04 Jun 2015 14:19:17 GMT https://community.splunk.com/t5/Security/How-can-I-use-Splunk-to-retrieve-my-CheckPoint-Firewall-Rules/m-p/141666#M4338 mgonter_splunk 2015-06-04T14:19:17Z