Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Checkpoint OPSEC LEA Integration
Hi,
We have been trying to integrate Checkpoint Firewall logs from Smart Console via OPSEC API. We successfully pulled the certificate from "opsec_pul_cert" CLI tool but we have an issue when trying to pull the certificate from FortiSIEM GUI.
FortiSIEM 5.3.0
Checkpoint R80.10
Did anyone come across with this issue before?
Regards,
Isuru
We have been trying to integrate Checkpoint Firewall logs from Smart Console via OPSEC API. We successfully pulled the certificate from "opsec_pul_cert" CLI tool but we have an issue when trying to pull the certificate from FortiSIEM GUI.
FortiSIEM 5.3.0
Checkpoint R80.10
Did anyone come across with this issue before?
Regards,
Isuru
5 REPLIES 5
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Isru,
CheckPoint can be interesting to integrate with due to certificates, certificate hashing and CheckPoint architecture.
Simple things to check:
Make sure connectivity is available to CP from FSM Super or Collectors.
Are you using SmartCenter or is it CLM, MLM, CLA.
Check what version of CheckPoint is running.
Probably a more straightforward way to integrate is to forward events from CP in Syslog CEF format, this is supported by FortiSIEM and CheckPoint supports this now.-------------------------------------------
Original Message:
Sent: May 22, 2020 05:22 AM
From: Isuru Tharanga
Subject: Checkpoint OPSEC LEA Integration
Hi,
We have been trying to integrate Checkpoint Firewall logs from Smart Console via OPSEC API. We successfully pulled the certificate from "opsec_pul_cert" CLI tool but we have an issue when trying to pull the certificate from FortiSIEM GUI.
FortiSIEM 5.3.0
Checkpoint R80.10
Did anyone come across with this issue before?
Regards,
Isuru
CheckPoint can be interesting to integrate with due to certificates, certificate hashing and CheckPoint architecture.
Simple things to check:
Make sure connectivity is available to CP from FSM Super or Collectors.
Are you using SmartCenter or is it CLM, MLM, CLA.
Check what version of CheckPoint is running.
Probably a more straightforward way to integrate is to forward events from CP in Syslog CEF format, this is supported by FortiSIEM and CheckPoint supports this now.-------------------------------------------
Original Message:
Sent: May 22, 2020 05:22 AM
From: Isuru Tharanga
Subject: Checkpoint OPSEC LEA Integration
Hi,
We have been trying to integrate Checkpoint Firewall logs from Smart Console via OPSEC API. We successfully pulled the certificate from "opsec_pul_cert" CLI tool but we have an issue when trying to pull the certificate from FortiSIEM GUI.
FortiSIEM 5.3.0
Checkpoint R80.10
Did anyone come across with this issue before?
Regards,
Isuru
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Daniel,
Thanks for the update. There's no connectivity issue. We are using "Checkpoint SmartConsole" for "R80.10" Firewalls.
I will look into syslog as well.
Regards,
Isuru-------------------------------------------
Original Message:
Sent: May 28, 2020 04:57 AM
From: Daniel Hanman
Subject: Checkpoint OPSEC LEA Integration
Hi Isru,
CheckPoint can be interesting to integrate with due to certificates, certificate hashing and CheckPoint architecture.
Simple things to check:
Make sure connectivity is available to CP from FSM Super or Collectors.
Are you using SmartCenter or is it CLM, MLM, CLA.
Check what version of CheckPoint is running.
Probably a more straightforward way to integrate is to forward events from CP in Syslog CEF format, this is supported by FortiSIEM and CheckPoint supports this now.
Original Message:
Sent: May 22, 2020 05:22 AM
From: Isuru Tharanga
Subject: Checkpoint OPSEC LEA Integration
Hi,
We have been trying to integrate Checkpoint Firewall logs from Smart Console via OPSEC API. We successfully pulled the certificate from "opsec_pul_cert" CLI tool but we have an issue when trying to pull the certificate from FortiSIEM GUI.
FortiSIEM 5.3.0
Checkpoint R80.10
Did anyone come across with this issue before?
Regards,
Isuru
Thanks for the update. There's no connectivity issue. We are using "Checkpoint SmartConsole" for "R80.10" Firewalls.
I will look into syslog as well.
Regards,
Isuru-------------------------------------------
Original Message:
Sent: May 28, 2020 04:57 AM
From: Daniel Hanman
Subject: Checkpoint OPSEC LEA Integration
Hi Isru,
CheckPoint can be interesting to integrate with due to certificates, certificate hashing and CheckPoint architecture.
Simple things to check:
Make sure connectivity is available to CP from FSM Super or Collectors.
Are you using SmartCenter or is it CLM, MLM, CLA.
Check what version of CheckPoint is running.
Probably a more straightforward way to integrate is to forward events from CP in Syslog CEF format, this is supported by FortiSIEM and CheckPoint supports this now.
Original Message:
Sent: May 22, 2020 05:22 AM
From: Isuru Tharanga
Subject: Checkpoint OPSEC LEA Integration
Hi,
We have been trying to integrate Checkpoint Firewall logs from Smart Console via OPSEC API. We successfully pulled the certificate from "opsec_pul_cert" CLI tool but we have an issue when trying to pull the certificate from FortiSIEM GUI.
FortiSIEM 5.3.0
Checkpoint R80.10
Did anyone come across with this issue before?
Regards,
Isuru
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Daniel,
Regarding the Syslog Forwarding... Were you referring to this kind of a scenario (https://qostechnology.in/blog/syslog-integration-with-checkpoint/) or the 'Checkpoint log exporter' ??
Regards,
Isuru-------------------------------------------
Original Message:
Sent: May 28, 2020 08:25 PM
From: Isuru Tharanga
Subject: Checkpoint OPSEC LEA Integration
Hi Daniel,
Thanks for the update. There's no connectivity issue. We are using "Checkpoint SmartConsole" for "R80.10" Firewalls.
I will look into syslog as well.
Regards,
Isuru
Original Message:
Sent: May 28, 2020 04:57 AM
From: Daniel Hanman
Subject: Checkpoint OPSEC LEA Integration
Hi Isru,
CheckPoint can be interesting to integrate with due to certificates, certificate hashing and CheckPoint architecture.
Simple things to check:
Make sure connectivity is available to CP from FSM Super or Collectors.
Are you using SmartCenter or is it CLM, MLM, CLA.
Check what version of CheckPoint is running.
Probably a more straightforward way to integrate is to forward events from CP in Syslog CEF format, this is supported by FortiSIEM and CheckPoint supports this now.
Original Message:
Sent: May 22, 2020 05:22 AM
From: Isuru Tharanga
Subject: Checkpoint OPSEC LEA Integration
Hi,
We have been trying to integrate Checkpoint Firewall logs from Smart Console via OPSEC API. We successfully pulled the certificate from "opsec_pul_cert" CLI tool but we have an issue when trying to pull the certificate from FortiSIEM GUI.
FortiSIEM 5.3.0
Checkpoint R80.10
Did anyone come across with this issue before?
Regards,
Isuru
Regarding the Syslog Forwarding... Were you referring to this kind of a scenario (https://qostechnology.in/blog/syslog-integration-with-checkpoint/) or the 'Checkpoint log exporter' ??
Regards,
Isuru-------------------------------------------
Original Message:
Sent: May 28, 2020 08:25 PM
From: Isuru Tharanga
Subject: Checkpoint OPSEC LEA Integration
Hi Daniel,
Thanks for the update. There's no connectivity issue. We are using "Checkpoint SmartConsole" for "R80.10" Firewalls.
I will look into syslog as well.
Regards,
Isuru
Original Message:
Sent: May 28, 2020 04:57 AM
From: Daniel Hanman
Subject: Checkpoint OPSEC LEA Integration
Hi Isru,
CheckPoint can be interesting to integrate with due to certificates, certificate hashing and CheckPoint architecture.
Simple things to check:
Make sure connectivity is available to CP from FSM Super or Collectors.
Are you using SmartCenter or is it CLM, MLM, CLA.
Check what version of CheckPoint is running.
Probably a more straightforward way to integrate is to forward events from CP in Syslog CEF format, this is supported by FortiSIEM and CheckPoint supports this now.
Original Message:
Sent: May 22, 2020 05:22 AM
From: Isuru Tharanga
Subject: Checkpoint OPSEC LEA Integration
Hi,
We have been trying to integrate Checkpoint Firewall logs from Smart Console via OPSEC API. We successfully pulled the certificate from "opsec_pul_cert" CLI tool but we have an issue when trying to pull the certificate from FortiSIEM GUI.
FortiSIEM 5.3.0
Checkpoint R80.10
Did anyone come across with this issue before?
Regards,
Isuru
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
try this https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...-------------------------------------------
Original Message:
Sent: Jun 01, 2020 08:45 PM
From: Isuru Tharanga
Subject: Checkpoint OPSEC LEA Integration
Hi Daniel,
Regarding the Syslog Forwarding... Were you referring to this kind of a scenario (https://qostechnology.in/blog/syslog-integration-with-checkpoint/) or the 'Checkpoint log exporter' ??
Regards,
Isuru
Original Message:
Sent: May 28, 2020 08:25 PM
From: Isuru Tharanga
Subject: Checkpoint OPSEC LEA Integration
Hi Daniel,
Thanks for the update. There's no connectivity issue. We are using "Checkpoint SmartConsole" for "R80.10" Firewalls.
I will look into syslog as well.
Regards,
Isuru
Original Message:
Sent: May 28, 2020 04:57 AM
From: Daniel Hanman
Subject: Checkpoint OPSEC LEA Integration
Hi Isru,
CheckPoint can be interesting to integrate with due to certificates, certificate hashing and CheckPoint architecture.
Simple things to check:
Make sure connectivity is available to CP from FSM Super or Collectors.
Are you using SmartCenter or is it CLM, MLM, CLA.
Check what version of CheckPoint is running.
Probably a more straightforward way to integrate is to forward events from CP in Syslog CEF format, this is supported by FortiSIEM and CheckPoint supports this now.
Original Message:
Sent: May 22, 2020 05:22 AM
From: Isuru Tharanga
Subject: Checkpoint OPSEC LEA Integration
Hi,
We have been trying to integrate Checkpoint Firewall logs from Smart Console via OPSEC API. We successfully pulled the certificate from "opsec_pul_cert" CLI tool but we have an issue when trying to pull the certificate from FortiSIEM GUI.
FortiSIEM 5.3.0
Checkpoint R80.10
Did anyone come across with this issue before?
Regards,
Isuru
Original Message:
Sent: Jun 01, 2020 08:45 PM
From: Isuru Tharanga
Subject: Checkpoint OPSEC LEA Integration
Hi Daniel,
Regarding the Syslog Forwarding... Were you referring to this kind of a scenario (https://qostechnology.in/blog/syslog-integration-with-checkpoint/) or the 'Checkpoint log exporter' ??
Regards,
Isuru
Original Message:
Sent: May 28, 2020 08:25 PM
From: Isuru Tharanga
Subject: Checkpoint OPSEC LEA Integration
Hi Daniel,
Thanks for the update. There's no connectivity issue. We are using "Checkpoint SmartConsole" for "R80.10" Firewalls.
I will look into syslog as well.
Regards,
Isuru
Original Message:
Sent: May 28, 2020 04:57 AM
From: Daniel Hanman
Subject: Checkpoint OPSEC LEA Integration
Hi Isru,
CheckPoint can be interesting to integrate with due to certificates, certificate hashing and CheckPoint architecture.
Simple things to check:
Make sure connectivity is available to CP from FSM Super or Collectors.
Are you using SmartCenter or is it CLM, MLM, CLA.
Check what version of CheckPoint is running.
Probably a more straightforward way to integrate is to forward events from CP in Syslog CEF format, this is supported by FortiSIEM and CheckPoint supports this now.
Original Message:
Sent: May 22, 2020 05:22 AM
From: Isuru Tharanga
Subject: Checkpoint OPSEC LEA Integration
Hi,
We have been trying to integrate Checkpoint Firewall logs from Smart Console via OPSEC API. We successfully pulled the certificate from "opsec_pul_cert" CLI tool but we have an issue when trying to pull the certificate from FortiSIEM GUI.
FortiSIEM 5.3.0
Checkpoint R80.10
Did anyone come across with this issue before?
Regards,
Isuru
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Dan,
Thanks, I will look into this.
Regards,
Isuru-------------------------------------------
Original Message:
Sent: Jun 18, 2020 02:34 AM
From: Daniel Hanman
Subject: Checkpoint OPSEC LEA Integration
try this https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
Original Message:
Sent: Jun 01, 2020 08:45 PM
From: Isuru Tharanga
Subject: Checkpoint OPSEC LEA Integration
Hi Daniel,
Regarding the Syslog Forwarding... Were you referring to this kind of a scenario (https://qostechnology.in/blog/syslog-integration-with-checkpoint/) or the 'Checkpoint log exporter' ??
Regards,
Isuru
Original Message:
Sent: May 28, 2020 08:25 PM
From: Isuru Tharanga
Subject: Checkpoint OPSEC LEA Integration
Hi Daniel,
Thanks for the update. There's no connectivity issue. We are using "Checkpoint SmartConsole" for "R80.10" Firewalls.
I will look into syslog as well.
Regards,
Isuru
Original Message:
Sent: May 28, 2020 04:57 AM
From: Daniel Hanman
Subject: Checkpoint OPSEC LEA Integration
Hi Isru,
CheckPoint can be interesting to integrate with due to certificates, certificate hashing and CheckPoint architecture.
Simple things to check:
Make sure connectivity is available to CP from FSM Super or Collectors.
Are you using SmartCenter or is it CLM, MLM, CLA.
Check what version of CheckPoint is running.
Probably a more straightforward way to integrate is to forward events from CP in Syslog CEF format, this is supported by FortiSIEM and CheckPoint supports this now.
Original Message:
Sent: May 22, 2020 05:22 AM
From: Isuru Tharanga
Subject: Checkpoint OPSEC LEA Integration
Hi,
We have been trying to integrate Checkpoint Firewall logs from Smart Console via OPSEC API. We successfully pulled the certificate from "opsec_pul_cert" CLI tool but we have an issue when trying to pull the certificate from FortiSIEM GUI.
FortiSIEM 5.3.0
Checkpoint R80.10
Did anyone come across with this issue before?
Regards,
Isuru
Thanks, I will look into this.
Regards,
Isuru-------------------------------------------
Original Message:
Sent: Jun 18, 2020 02:34 AM
From: Daniel Hanman
Subject: Checkpoint OPSEC LEA Integration
try this https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
Original Message:
Sent: Jun 01, 2020 08:45 PM
From: Isuru Tharanga
Subject: Checkpoint OPSEC LEA Integration
Hi Daniel,
Regarding the Syslog Forwarding... Were you referring to this kind of a scenario (https://qostechnology.in/blog/syslog-integration-with-checkpoint/) or the 'Checkpoint log exporter' ??
Regards,
Isuru
Original Message:
Sent: May 28, 2020 08:25 PM
From: Isuru Tharanga
Subject: Checkpoint OPSEC LEA Integration
Hi Daniel,
Thanks for the update. There's no connectivity issue. We are using "Checkpoint SmartConsole" for "R80.10" Firewalls.
I will look into syslog as well.
Regards,
Isuru
Original Message:
Sent: May 28, 2020 04:57 AM
From: Daniel Hanman
Subject: Checkpoint OPSEC LEA Integration
Hi Isru,
CheckPoint can be interesting to integrate with due to certificates, certificate hashing and CheckPoint architecture.
Simple things to check:
Make sure connectivity is available to CP from FSM Super or Collectors.
Are you using SmartCenter or is it CLM, MLM, CLA.
Check what version of CheckPoint is running.
Probably a more straightforward way to integrate is to forward events from CP in Syslog CEF format, this is supported by FortiSIEM and CheckPoint supports this now.
Original Message:
Sent: May 22, 2020 05:22 AM
From: Isuru Tharanga
Subject: Checkpoint OPSEC LEA Integration
Hi,
We have been trying to integrate Checkpoint Firewall logs from Smart Console via OPSEC API. We successfully pulled the certificate from "opsec_pul_cert" CLI tool but we have an issue when trying to pull the certificate from FortiSIEM GUI.
FortiSIEM 5.3.0
Checkpoint R80.10
Did anyone come across with this issue before?
Regards,
Isuru