Check Point Firewall
Overview
Check Point’s Next Generation Firewalls (NGFW’s) are trusted by customers for their highest security effectiveness and their ability to keep organizations protected from sophisticated fifth generation cyber-attacks. Check Point’s NGFW includes 23 Firewall models optimized for running all threat prevention technologies simultaneously, including full SSL traffic inspection, without compromising on security or performance.
Related Built-in Rules
Benefit from SEKOIA.IO built-in rules and upgrade Check Point Firewall with the following detection capabilities out-of-the-box.
SEKOIA.IO x Check Point Firewall on ATT&CK Navigator
SEKOIA.IO Intelligence Feed
Detect threats based on indicators of compromise (IOCs) collected by SEKOIA's Threat and Detection Research team.
- Effort: elementary
Event Categories
The following table lists the data source offered by this integration.
| Data Source | Description |
|---|---|
Network device logs |
Check Point can record traffic events flowing through their firewall. |
Network protocol analysis |
Check Point firewall does traffic analysis at physical/data/transport layers |
Web logs |
Domain names are extracted from HTTP traffic |
Configure
The solution to collect Checkpoint logs leverages the Log Exporter method and Syslog forwarding.
Log Exporter must be configured to send logs in the CEF format.
Syslog forwading
Please refer to the Syslog Forwarding documentation to forward these logs to Sekoia.io.