There are two main Checkpoint Firewall add-ons available and I am unsure which one to go by. Our Checkpoint firewall is R77.30.
Can someone please advise which one I should go with?
Hi @dm1
The first one is the better choice because it is developed by Splunk, and if needed you can ask for support.
Regards
Alessandro
Thanks, I also thought so.
Are you aware if Checkpoint or Splunk has released upgrade steps from the opsec lea add-on to one of these add-ons?
Most of our dashboards/reports are based on the opsec sourcetype. Would updating the SPL be as easy as changing the sourcetype?
Hi @dm1
Unfortunately, the sourcetypes are different from the opseclea app.
Both add-ons use the cp_log or cp_log:syslog sourcetypes.
If I remember well, opseclea uses the opsec or checkpoint sourcetype.
If this answer helps, please vote or accept the solution.
Regards
Alessandro
I am aware of that issue of different sourcetypes, hence why I asked if there are any upgrade steps Splunk or Checkpoint have released to move from the opsec sourcetype to the cp_log sourcetype.