The Splunk Add-on for Check Point OPSEC LEA lets you collect and analyze firewall, VPN, IDS, and audit logs from Check Point standalone FW-1 firewalls, standard Multi-Domain Security Management (Provider-1) environments, and Provider-1 environments using the Multi-Domain Log Module (MLM). The add-on uses the Check Point Log Export API (LEA) along with a customized Splunk lea-loggrabber utility to poll your Check Point servers and collect log data on Linux (RHEL/CentOS 5.x or 6.x only). This add-on provides the inputs and CIM-compatible knowledge to use with other Splunk Enterprise apps, such as the Splunk App for Enterprise Security and the Splunk App for PCI Compliance.