Check Point NGFW
Version: Check Point NGFW – version R80.10 and later
Check Point is a cybersecurity architecture that offers security, easy deployment, and effective management by consolidating key security applications (Firewall, VPN, Intrusion Prevention, Antivirus, and more).
Netsurion Open XDR manages logs retrieved from Check Point. The alerts, reports, dashboards, and saved searches in Netsurion Open XDR are enhanced by capturing important and critical activities in Check Point.
The following are the key assets included with this Data Source Integration.
Alerts
Type | Name | Description |
---|---|---|
Security | Check Point NGFW – Attacks detected | Generated when an event associated with intrusion prevention is logged by Check Point. |
Security | Check Point NGFW – Configuration changes detected | Generated when a user performs configuration changes in Check Point. |
Security | Check Point NGFW – DLP event has been detected | Generated when an event associated with data loss prevention (DLP) is logged by Check Point. |
Compliance | Check Point NGFW – Failed login attempt detected | Generated when an endpoint user or machine has a failed login attempt. |
Reports
Type | Name | Description |
---|---|---|
Security | Check Point NGFW – System attack detections | Provides information about system attack detections. |
Security | Check Point NGFW – URL filtering activities | Provides a summary of events related to URL filtering, which controls access to millions of web sites by category, user, group, and machine to protect users from malicious sites. It includes the URL accessed, endpoint IP address, user agent, log date and time, and more. |
Security | Check Point NGFW – Application control activities | Provides information about Application Control activities. |
Security | Check Point NGFW – HTTPS inspection activities | Provides a summary of events related to traffic encrypted with HTTPS. It includes the URL, endpoint IP address, source port, action type, application category, and more. |
Security | Check Point NGFW – DLP activities | Provides a summary of data loss prevention (DLP) events. It includes the action type, sender address, recipient address, email subject, scanning direction, and more. |
Security | Check Point NGFW – Anti malware events | Provides a summary of events associated with anti-malware activities, that is, events where viruses, spyware, keystroke loggers, trojans, and rootkits are identified using signatures, behaviour blockers, and heuristic analysis. It includes the endpoint username, anti-virus name, event type, OS name or version, scan status, and more. |
Compliance | Check Point NGFW – Denied traffic activities | Provides a summary of traffic denied by the Check Point firewall. It includes the source IP address, destination address, action type, service ID, and more. |
Compliance | Check Point NGFW – User login and logout activities | Provides a summary of endpoint user or machine failed login activity. It includes the username, source IP address, authentication type, identity type, log date and time, and more. |
Compliance | Check Point NGFW – VPN login and logout activities | Provides a summary of VPN or SSL VPN login and logout activities. It includes the endpoint IP address, login option, failure reason, and more. |
Compliance | Check Point NGFW – All VPN activities | Provides information about all VPN activities. |
Operational | Check Point NGFW – Allowed traffic activities | Provides information about traffic allowed by the Check Point firewall. It includes the source IP address, destination address, action type, service ID, and more. |
Dashboards
Type | Name | Description |
---|---|---|
Security | Check Point NGFW – Events by attack detection score | Displays all events captured by Check Point NGFW, grouped by attack detection score. |
Compliance | Check Point NGFW – VPN log in by source IP address | Displays all VPN logins by source IP address. |
Compliance | Check Point NGFW – Login activities object type | Displays all login activities captured by Check Point NGFW, grouped by object type. |
Compliance | Check Point NGFW – Login fails | Displays all login failures captured by Check Point NGFW. |
Operational | Check Point NGFW – Event log types | Displays all log types captured by Check Point NGFW. |
Operational | Check Point NGFW – Event by action performed | Displays all events captured by Check Point NGFW, grouped by the action performed. |
Operational | Check Point NGFW – Traffic denied | Displays all denied traffic captured by Check Point NGFW. |
Operational | Check Point NGFW – Events traffic allowed | Displays all allowed-traffic events captured by Check Point NGFW. |
Saved Searches
Type | Name | Description |
---|---|---|
Security | Check Point NGFW – Attacks detected | Provides information about system attack detections. |
Security | Check Point NGFW – URL filtering | Provides a summary of events related to URL filtering, which controls access to millions of web sites by category, user, group, and machine to protect users from malicious sites. It includes the URL accessed, endpoint IP address, user agent, log date and time, and more. |
Security | Check Point NGFW – Application control | Provides information about Application Control activities. |
Security | Check Point NGFW – HTTPS inspection | Provides a summary of events related to traffic encrypted with HTTPS. It includes the URL, endpoint IP address, source port, action type, application category, and more. |
Security | Check Point NGFW – DLP events | Provides a summary of data loss prevention (DLP) events. It includes the action type, sender address, recipient address, email subject, scanning direction, and more. |
Security | Check Point NGFW – Anti malware events | Provides a summary of events associated with anti-malware activities, that is, events where viruses, spyware, keystroke loggers, trojans, and rootkits are identified using signatures, behaviour blockers, and heuristic analysis. It includes the endpoint username, anti-virus name, event type, OS name or version, scan status, and more. |
Security | Check Point NGFW – Configuration changes | Provides information about configuration change activities. |
Compliance | Check Point NGFW – Login and logout activities | Provides a summary of endpoint user or machine failed login activity. It includes the username, source IP address, authentication type, identity type, log date and time, and more. |
Compliance | Check Point NGFW – VPN login and logout activities | Provides a summary of VPN or SSL VPN login and logout activities. It includes the endpoint IP address, login option, failure reason, and more. |
Compliance | Check Point NGFW – Login failed activities | Provides information about all failed login activities. |
Operational | Check Point NGFW – Allowed traffic | Provides information about traffic allowed by the Check Point firewall. It includes the source IP address, destination address, action type, service ID, and more. |
Operational | Check Point NGFW – Denied traffic | Provides a summary of traffic denied by the Check Point firewall. It includes the source IP address, destination address, action type, service ID, and more. |
Documentation
The configuration details are consistent with Netsurion Open XDR 9.3 and later, and Check Point NGFW.
Download the Integration Guide for configuration instructions and more information.