Applies To: CheckPoint version R80.10 and above
CheckPoint is a cyber security architecture that offers the perfect combination of proven security, easy deployment, and effective management by consolidating key security applications (firewall, VPN, intrusion prevention, antivirus, and more) into a single, efficiently managed solution.
EventTracker, when integrated with CheckPoint, collects logs from it and creates detailed reports, alerts, dashboards, and saved searches. These attributes of EventTracker help users view and receive critical and relevant information with respect to security, operations, and compliance.
Reports contain a detailed summary of events such as failed user authentications, passed authentications in network devices, firewall allowed and denied traffic, anti-malware events, data loss and prevention events, VPN login and logout, and many more in column-value pairs.
Alerts are triggered as soon as a critical event is received by EventTracker for CheckPoint, such as failed authentications, an invalid HTTP request from an endpoint, or detection of a DLP event, etc.
Dashboards represent activities occurring in CheckPoint. These include actions applied on endpoint requests, a summary of DLP events, firewall traffic events by source and destination IP address, etc.
These attributes or configurations of EventTracker allow administrators to quickly take appropriate actions against any threats or adversaries trying to jeopardize an organization’s normal operation.
Once CheckPoint is configured to deliver events to the EventTracker manager, alerts, dashboards, and reports can be configured in EventTracker.
The configuration details are consistent with EventTracker version 9.2 and later and CheckPoint version R80.10 and above.
To configure CheckPoint to send logs to EventTracker, refer to the How-to Guide.
For more information, please refer to the Integration Guide.