So we have a checkpoint firewall with the IDS module sending events, we followed the mcafee guide for checkpoint data sources, configuring the cma etc. But the events coming across are just coming across as Smartdefense : tcp : reject or accept. If I look at the packet I can see some of the information but its just not filling in the right blanks. Im thinking maybe I need a custom parser? but I have no idea how to do that.
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.