
Check Point Firewall R75 Datasource (OPSEC) and finding specific LOG-Information


Hello!

After configuring the Check Point SmartCenter-Server as a datasource (OPSEC-Connection), I can see a lot of log information from the firewalls.

Until now I have not found out how to find logs related to the IPS-System of the firewall. All the IPS-Logs are stored on the SmartCenter and are transferred via the OPSEC-Connection to the SIEM-System, but I am not able to find them (drilldown, etc.).

Best regards

Martin

Accepted Solutions

Message 9 of 11

Re: Check Point Firewall R75 Datasource (OPSEC) and finding specific LOG-Information

Hi Martin

If you are using the Smart Defence IPS from Check Point, you can build a custom view.

If you want to view all the Smart Defence IPS classifications, use the application filter: Smart Defence (you will see this as well from the Check Point management station feed or datasource).

The same goes for any other blade functionality you enable from the Check Point technology stack (application control, anti-botnet, etc.).

From there you can go down further and break it up in signature etc.

One big issue we have currently is with the auto-learn rules which clash with the 7 custom ASP rules provided by McAfee.

Regards,

Japie


10 Replies

Message 2 of 11

Re: Check Point Firewall R75 Datasource (OPSEC) and finding specific LOG-Information

Can you capture the CP FW config?

Re: Check Point Firewall R75 Datasource (OPSEC) and finding specific LOG-Information

Hello!

What kind of information do you mean? I configured on the SmartCenter the OPSEC-Part.

Best regards

Martin P.

Message 4 of 11

Re: Check Point Firewall R75 Datasource (OPSEC) and finding specific LOG-Information

Yes

Re: Check Point Firewall R75 Datasource (OPSEC) and finding specific LOG-Information

Hello!

It is straightforward:

Vendor: User defined

Server Entities: none

Client Entities: LEA

As I said, this connection works fine and I can see all the rule descriptions and the traffic. And I can make drill-downs (for example) based on source IPs and ports. But I have the problem that until now I cannot drill down to (find) possible IPS-Logs, which are generated by the IPS-Blade on the firewall.

Best regards

Martin

(Attachment: opsec.JPG)

Message 6 of 11

Re: Check Point Firewall R75 Datasource (OPSEC) and finding specific LOG-Information

At Communication, configure it as in the picture:

(Attachment: 01.png)

At ESM: configure it as a datasource with a one-time password.

Re: Check Point Firewall R75 Datasource (OPSEC) and finding specific LOG-Information

Hello!

Yes, as I said, the OPSEC-Connection works fine and trust is established. How can you see IPS-Alerts in the McAfee ESM?

Best regards

Martin

Re: Check Point Firewall R75 Datasource (OPSEC) and finding specific LOG-Information

Hello!

Now I may have found something. With the drill-down option I found out that in the value field "Threat_Name" the original Check Point names of the IPS-Alarms are listed! Maybe I can use this to create reports/alarms.

Have you tried it this way?

Martin


Re: Check Point Firewall R75 Datasource (OPSEC) and finding specific LOG-Information

Hi Japie!

Thank you very much for your answer. Now I found out how to proceed with this.

It works great!

Best regards

Martin
