This procedure helps you connect your Check Point via SIEM to the Expel Workbench. The procedure is to port in logs by creating a new Syslog source, configuring that source in Workbench, then configuring your Check Point via SIEM device in Workbench.
Step 1: Logging Check Point to a desired SIEM
Refer to your SIEM documentation or work with your SIEM representative to port in Check Point logs. You can also refer to the following web references for creating a new Syslog source:
Step 2: Configure the SIEM in Workbench
This link opens the Expel Knowledge Base section for connecting SIEM-based technology to Workbench. Follow the applicable article to configure your SIEM-based tech and confirm that Check Point logs are flowing through and available.
Step 3: Configure Check Point via SIEM in Workbench
Note
Expel secures all login information our SOC analysts need about your devices in an MFA password product. Access to this login information is protected using our internal MFA processes. To learn more about the IP addresses all Expel traffic comes from, go here.
- In a new browser tab, go to https://workbench.expel.io/settings/security-devices?setupIntegration=checkpoint.
- Fill in the device fields like this:
  - For SIEM select the SIEM that was onboarded in Step 2.
  - For Name type the host name of the Check Point device.
  - For Location type the geographic location of the device.
- Fill in the Connection Settings fields based on the SIEM selected:
  - For Source category, type in the Sumo Logic source category for this device.