There are two main Checkpoint Firewall add-ons available and I am unsure which one to go by. Our Checkpoint firewall is R77.30.
Can someone please advise which one I should go with?
The first one is the better choice because it is developed by Splunk and, if needed, you can ask for support.
Thanks, I also thought so.
Are you aware if Checkpoint or Splunk has released upgrade steps from the OPSEC LEA add-on to one of these add-ons?
Most of our dashboards/reports are based on the opsec sourcetype. Would updating the SPL be as easy as changing the sourcetype?
Unfortunately, the sourcetypes are different from the opseclea app.
Both of the add-ons use the cp_log or cp_log:syslog sourcetypes.
If I remember well, opseclea uses the opsec or checkpoint sourcetype.
If this answer helps, please vote or accept the solution.