Check Point Integration Guide
A Check Point management (or log) server running a supported version can forward its logs over syslog to the Taegis™ XDR Collector using Check Point Log Exporter. The supported versions are listed in the Check Point Log Export Guide.
Connectivity Requirements
Source | Destination | Port/Protocol |
---|---|---|
Check Point management/log server (Log Exporter) | XDR Collector (management IP) | TCP/601 |
Data Provided from Integration
Data Source | Normalized Data | Out-of-the-Box Detections | Vendor-Specific Detections |
---|---|---|---|
Check Point Firewall | Auth, HTTP, Netflow | Antivirus, Thirdparty | |
Note
XDR detectors are not guaranteed to be triggered, even if a data source's logs are normalized to a schema associated with a given detector. However, you can create Custom Alert Rules to generate alerts based on normalized data from a data source.
Configuration Instructions
Configure Log Exporter on the Check Point management or log server by following Check Point's Log Exporter guide, and use the following values for the Taegis target:
- Target Server IP Address — the management IP of the XDR Collector (the destination in the connectivity table above).
- Target Port — 601
- Protocol — TCP
- Format — CEF
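The steps above, carried out from the Check Point side, as an added example. This script is not part of the Taegis or Check Point documentation; it is run from Expert mode on the Check Point Management or Log Server, and it assumes a placeholder collector IP (192.0.2.10), a placeholder exporter name (taegis_xdr), and helper names (build_log_export_cmd, check_collector_port, apply_log_export) chosen for this example. It refuses any value other than TCP/601/CEF and checks that the collector is reachable on TCP/601 before calling cp_log_export.

```bash
#!/bin/bash
# Added example (not from the Taegis or Check Point documentation): create the
# Log Exporter target described above from Expert mode on the Check Point
# Management or Log Server. The collector IP and exporter name are placeholders.
COLLECTOR_IP="${COLLECTOR_IP:-192.0.2.10}"   # assumption: replace with the XDR Collector management IP
EXPORT_NAME="${EXPORT_NAME:-taegis_xdr}"     # assumption: any name unique among cp_log_export targets

# Validate the settings and print the cp_log_export command they produce.
# Only TCP/601/CEF is accepted, so a typo cannot quietly create a UDP or
# syslog-format exporter whose output the XDR Collector would not parse.
build_log_export_cmd() {
  local name="$1" target="$2" port="$3" proto="$4" fmt="$5"
  echo "$name" | grep -Eq '^[A-Za-z0-9_-]+$' \
    || { echo "name must be alphanumeric/_/- (got: $name)" >&2; return 1; }
  echo "$target" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' \
    || { echo "target must be an IPv4 address (got: $target)" >&2; return 1; }
  [ "$port" = "601" ]  || { echo "target-port must be 601 (got: $port)" >&2; return 1; }
  [ "$proto" = "tcp" ] || { echo "protocol must be tcp (got: $proto)" >&2; return 1; }
  [ "$fmt" = "cef" ]   || { echo "format must be cef (got: $fmt)" >&2; return 1; }
  printf 'cp_log_export add name %s target-server %s target-port %s protocol %s format %s\n' \
    "$name" "$target" "$port" "$proto" "$fmt"
}

# Confirm the collector accepts connections on TCP/601 before adding the target.
# Uses bash's /dev/tcp redirection so no extra tools are needed on Gaia.
check_collector_port() {
  local host="$1" port="$2"
  timeout 3 bash -c "exec 3<>/dev/tcp/$host/$port" 2>/dev/null
}

# Add the target, restart the exporter so it begins streaming, and show the
# stored configuration for review.
apply_log_export() {
  local cmd
  cmd="$(build_log_export_cmd "$EXPORT_NAME" "$COLLECTOR_IP" 601 tcp cef)" || return 1
  check_collector_port "$COLLECTOR_IP" 601 \
    || { echo "XDR Collector $COLLECTOR_IP unreachable on TCP/601; check routing and firewall rules" >&2; return 1; }
  $cmd                                    # run the validated "cp_log_export add ..." command
  cp_log_export restart name "$EXPORT_NAME"
  cp_log_export show name "$EXPORT_NAME"
}

# Usage: ./taegis_log_exporter.sh apply    (without "apply" it only prints the command)
case "${1:-}" in
  apply) apply_log_export ;;
  *)     build_log_export_cmd "$EXPORT_NAME" "$COLLECTOR_IP" 601 tcp cef ;;
esac
```

Run it without arguments first to review the exact cp_log_export command, then with `apply` to create the target. Note that CEF over TCP/601 as described in this guide is sent in cleartext, so the path between the Check Point server and the collector should be a trusted management network.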