Which Check Point add-on should I choose?

dm1
Contributor

There are two main Check Point Firewall add-ons available and I am unsure which one to go with. Our Check Point firewall is R77.30.

  1. Check Point add-on by Splunk
    1. This one, by Splunk, was last updated in April 2021.
    2. The Splunk add-on only supports Check Point Software R81, Check Point Endpoint client version E84.30 and Check Point Management server version R80.40.
    3. Supported by Splunk.
  2. Check Point add-on by Check Point
    1. Last updated January 2020.
    2. Supports all versions.
    3. Supported by Check Point.

Can someone please advise which one I should go with?


aasabatini
Motivator

Hi @dm1

The first one is the better choice because it is developed by Splunk and, if you need to, you can ask for support.

Regards

Alessandro

“The answer is out there, Neo, and it’s looking for you, and it will find you if you want it to.”

dm1
Contributor

Thanks, I also thought so.

Are you aware if Check Point or Splunk has released upgrade steps from the OPSEC LEA add-on to one of these add-ons?

Most of our dashboards/reports are based on the opsec sourcetype; would updating the SPL be as easy as changing the sourcetype?


aasabatini
Motivator

Hi @dm1

Unfortunately the sourcetypes are different from those of the opseclea app.

Both add-ons use the cp_log or cp_log:syslog sourcetypes.

If I remember well, opseclea uses the opsec or checkpoint sourcetype.

If this answer helps, please vote for it or accept the solution.

Regards

Alessandro

“The answer is out there, Neo, and it’s looking for you, and it will find you if you want it to.”
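One way to handle the sourcetype change discussed above, as an added example that is not from the original posts and not part of either add-on's own configuration: define a search macro that matches both the legacy opsec/checkpoint sourcetypes and the new cp_log / cp_log:syslog sourcetypes, then point the dashboards at the macro instead of a literal sourcetype. The macro name `checkpoint_fw_events` and the index name `firewall` are assumptions for illustration.

```ini
# macros.conf in the app that holds the dashboards. Added example, not from either add-on.
# One macro that matches the sourcetypes of the legacy OPSEC LEA add-on (opsec, checkpoint)
# and of the current add-ons (cp_log, cp_log:syslog), so the same dashboard search keeps
# returning results while the old and the new feed are ingested side by side.
#
# Dashboard search before:  index=firewall sourcetype=opsec | ...
# Dashboard search after:   index=firewall `checkpoint_fw_events` | ...
# (index name "firewall" is an assumption for this example)
[checkpoint_fw_events]
definition = (sourcetype="opsec" OR sourcetype="checkpoint" OR sourcetype="cp_log" OR sourcetype="cp_log:syslog")
iseval = 0
```

Before retiring the old feed, compare the volume per sourcetype with `| tstats count where index=firewall by sourcetype` and check that every field the panels reference is also extracted from the cp_log events: the macro only abstracts the sourcetype, not the field names the new add-on produces. Once the cutover is complete, narrow the macro definition to the cp_log sourcetypes without touching the dashboards again.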

dm1
Contributor

I am aware of the issue of different sourcetypes, which is why I asked whether Splunk or Check Point have released any upgrade steps to move from the opsec sourcetype to the cp_log sourcetype.
