Check Point brings an advanced and real-time threat analysis and reporting tool for Splunk. The Check Point App for Splunk allows you to respond to security risks immediately and gain true insights about your network. You can collect and analyze millions of logs from all Check Point technologies and platforms across networks, Cloud, Endpoints and Mobile. This app uses the Check Point Log Exporter to seamlessly send logs from your Check Point log servers to your Splunk server. Main features include:
- Compatibility with Common Information Model (CIM).
- Compatibility with Splunk Enterprise Security.
- Provides Check Point SmartEvent dashboards out of the box (e.g., General Overview, Threat Prevention and the new Cyber Attack View).
- Installation of Log Exporter on Check Point MGMT / Log Server - see SK122323
- Installation of Common Information Model (CIM) app from Splunkbase to support Splunk CIM format.
Install the Check Point App for Splunk on your Splunk servers. If you have a distributed environment, you must install it on each Splunk machine (forwarder, indexer, and search head).
- Download the Check Point App for Splunk from Splunkbase.
- Log in into your Splunk machine.
- On the Apps left panel on your homepage, click “Manage Apps”.
- Click “Install app from file” and select the downloaded tgz file.
- Click Upload and wait until you receive a success notification. After you install the app, you can find it in the Apps panel on your Splunk home page.
For more details about the app, please see Check Point App for Splunk – User Guide
Splunk compatibility: 6.5 or later.
CIM compatibility: 4.5 or later.
Email: [email protected]