Re: Which Checkpoint add-on should I choose ?

dm1 · ‎05-26-2021

There are two main Checkpoint Firewall add-ons available and I am unsure which one to go by. Our checkpoint firwall is R77.30

Checkpoint addon by Splunk
1. this is by Splunk was last updated on April 2021
2. Splunk addon only supports - Check Point Software R81, Check Point Endpoint client version E84.30, Check Point Management server version: R80.40
3. supported by Splunk
Checkpoint addon by Checkpoint
1. last updated Jan 2020
2. Supports all versions
3. supported by Checkpoint

Can someone please advise which one should I go with ?

aasabatini · ‎05-26-2021

Hi @dm1

the first one is the better choice because is developed by splunk and in case you can ask a support

Regards

Alessandro

“The answer is out there, Neo, and it’s looking for you, and it will find you if you want it to.”

dm1 · ‎05-27-2021

Thanks, I also thought so.

Are you aware if Checkpoint or Splunk has release upgrade steps from opsec lea add-on to one of these add-ons ?

Most of our dashboards/reports are based on opsec sourcetype, would updating the SPL be as easy as changing the sourcetype ?

aasabatini · ‎05-27-2021

Hi @dm1

unfortunately the sourcetypes are different from the opseclea app.

both the addons use cp_log or cp_log:syslog sourcetypes.

if I remember well opseclea use opsec or checkpoint sourcetype.

if this answer help please vote or accept the solution

Regards

Alessandro

“The answer is out there, Neo, and it’s looking for you, and it will find you if you want it to.”

dm1 · ‎05-27-2021

I am aware of that issue of different sourcetypes, hence why I asked if there is any upgrade steps Splunk or Checkpoint have released to move from opsec sourcetype to cp_log sourcetype

Which Checkpoint add-on should I choose ?

installation

Welcome to the Splunk Community!

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Adoption of RUM and APM at Splunk