IBM QRadar

  • 1.  Qradar and checkpoint endpoint protection logs

    Posted Thu May 26, 2022 07:00 AM
    Hello people,

    I have another question, because I was not able to find whether someone has already asked it here. I wanted to ask if there is a way to implement the Check Point Endpoint Protection logs that can be read in SmartConsole into the QRadar log feed. I want to do that because I want to see everything in one console and want to make some offense events that will notify me via e-mail. Just to be clear, we do not have the Check Point firewall but the Check Point Endpoint Protection.

    Thank you very much.

    ------------------------------
    Slavcho Andreevski
    ------------------------------


  • 2.  RE: Qradar and checkpoint endpoint protection logs

    Posted Fri May 27, 2022 02:30 AM
    Hi Slavcho

    The DSM guide, from page 495, describes Check Point log source configuration, but I do not see the Check Point Endpoint Protection product there.
    http://public.dhe.ibm.com/software/security/products/qradar/documents/iTeam_addendum/b_dsm_guide.pdf

    If the current Check Point DSM does not support endpoint log parsing, you may need to use the Universal DSM.

    ------------------------------
    Brian Kwak
    ------------------------------