Is there a Splunk OPSEC LEA for Check Point Technology Add-on that runs on Windows?

richnavis
Contributor

We are currently a 100% Windows shop and would like to know if there is a Splunk OPSEC LEA for Check Point Technology Add-on that we can run on Windows.

1 Solution

dart
Splunk Employee

The Checkpoint app is only available for Linux & Solaris.

ashokqos
Path Finder

We have created an alternate option where you can analyze Check Point logs via syslog. This add-on will help you analyze Check Point logs on Windows.

https://splunkbase.splunk.com/app/2996/

I will be very happy to help anyone who is facing any issue with this Add-On.

Thanks

0 Karma

hepterida
Explorer

Hi Araitz,
we absolutely need it too 🙂
Thank you, Kamil

0 Karma

kheli
Path Finder

The latest Splunk Add-on for OPSEC LEA still does not support the Windows platform. Can we get a Windows add-on release? Not all Splunk instances are installed on Linux/Solaris. This is very important, as the Windows version has an old fw1-loggrabber binary which does not collect all required fields from the Check Point log server, especially if the logs are generated by a Check Point VSX firewall.

0 Karma

araitz
Splunk Employee

Right now we have no plans to create a Windows version of the add-on.

A reminder that the source code is available here for anyone feeling ambitious: https://github.com/splunk/opsec_lea

0 Karma

raviefh
Engager

We need an OPSEC LEA client for Windows ASAP.

0 Karma

christantoy
Path Finder

Hi to all/Splunking,

Reviving this thread lol

In our current situation we really need an OPSEC Windows platform.

Thanks
Cris

0 Karma

richnavis
Contributor

We are now a 99.2% Windows shop.. 🙂

araitz
Splunk Employee

That is correct, as of version 2.0.x there is no Windows version. We have an enhancement request for Windows support. If other customers want it, this is the place to comment with your details.

0 Karma