Check Point Firewall

Version: CheckPoint version R80.10 and above

CheckPoint is a cyber security architecture which offers the perfect combination of proven security, easy deployment, and effective management by consolidating key security applications (firewall, VPN, intrusion prevention, and antivirus and more) into a single, efficiently managed solution.

Netsurion's Open XDR platform integrates with CheckPoint, collects logs from it and creates detailed reports, alerts, dashboards, and saved searches. These attributes of Netsurion helps user to view and receive the critical and relevant information with respect to security, operations and compliance.

Reports contain a detailed summary of events such as failed user authentications, passed authentications in network devices, firewall allowed and denied traffic, anti-malware events, data loss and prevention events, VPN login and logout, and many more in column-value pair.

Alerts are triggered as soon as a critical event are received by Netsurion's Open XDR platform for CheckPoint, such as failed authentications, invalid HTTP request from an endpoint, or detection of an DLP event, etc.

Dashboards represent activities occurring in CheckPoint. These includes, actions applied on endpoint requests, summary of DLP events, firewall traffic events by source and destination IP address, etc.

These attributes or configurations of Netsurion allows administrators to quickly take appropriate actions against any threat/adversaries trying to jeopardize an organization's normal operation.

Once CheckPoint is configured to deliver events to Netsurion manager alerts, dashboards, and reports can be configured into Netsurion.

Alerts

Type Name Description
Security CheckPoint - Attacks detected This alert is triggered when an event associated with intrusion prevention is logged by CheckPoint.
Security CheckPoint - Configuration Changes detected This alert is triggered when a user performs configuration changes in CheckPoint.
Security CheckPoint - DLP event has been detected This alert is triggered when an event associated with data Loss and prevention is logged by CheckPoint.
Security CheckPoint - Failed login attempt detected This alert is triggered when an endpoint user/machine had a failed login attempt.

Reports

Type Name Description
Security Checkpoint - Failed login activity This report outlines the summary of endpoint user/machine failed login activity. It includes, username, source IP address, authentication type, Identity type, log datetime, etc.
Security Checkpoint - URL Filtering activities This report outlines the summary of events that are related to URL filtering that controls access to millions of web sites by category, users, groups, and machines to protect users from malicious sites. It includes, URL accessed, endpoint IP, user agent, log datetime, etc.
Security Checkpoint - Attacks Detected This report outlines the summary of events that are related to intrusion prevention. It includes, URL, protocol type, attack severity, protection name/type, attack category, etc.
Security Checkpoint - DLP activities This report outlines the summary of data loss and prevention events. It includes, action type, sender address, recipient address, email subject, scanning direction, etc.
Security Checkpoint - Anti Malware activities This report outlines the summary of events that are associated with anti-malware activities, i.e. events where viruses, spyware, keystroke loggers, trojans and rootkits are identified using signatures, behavior blockers and heuristic analysis. It includes, endpoint username, anti-virus name, event type, OS name/version, scan status, etc.
Security Checkpoint - Denied traffic activities This report outlines the summary of denied traffic in CheckPoint firewall. It includes, source IP address, destination address, action type, service Id, etc.
Operations Checkpoint - VPN login and logout This report outlines the summary of VPN/SSLVPN login and logout activities. It includes, endpoint IP address, login option, failure reason, etc.
Operations Checkpoint - Logout activity This report outlines the summary of endpoint user/machine logout activity. It includes, username, source IP address, authentication type, Identity type, log datetime, etc.
Operations Checkpoint - Login activity This report outlines the summary of endpoint user login activity. It includes, username, source IP address, authentication type, log datetime, etc.
Compliance Checkpoint - HTTPS Inspection activities This report outlines the summary of events that are related to traffic that are encrypted by HTTPS. It includes, URL, endpoint IP address, source port, action type, application category, etc.

Documentation:

The configuration details are consistent with Netsurion version 9.2 and later, CheckPoint version R80.10 and above.

Download Integration guide and How-to Guide for more information and to configuration instructions.

This site uses cookies to store information on your computer. Some are essential to make our site work; others help us improve the user experience. By using the site, you consent to the placement of these cookies. Read our Privacy Statement to learn more.

I Accept