The Check Point App for Splunk has replaced the Splunk Add-on for OPSEC LEA for data collection.
About the Splunk Add-on for Check Point OPSEC LEA
|Vendor Products||Check Point OPSEC LEA R77, R80|
|Visible||Yes. This add-on contains views for configuration.|
The Splunk Add-on for Check Point OPSEC LEA allows a Splunk software administrator to collect and analyze firewall, VPN, Anti-Virus, Anti-Bot, SmartDefense (IPS), Threat Emulation, and audit logs from Check Point standalone FW-1 firewalls, standard Multi-Domain Security Management (Provider-1) environments, and Provider-1 environments using the Multi-Domain Log Module (MLM). After the Splunk platform indexes the events, you can analyze the data using the prebuilt panels included with the add-on.
Download the Splunk Add-on for Check Point OPSEC LEA from Splunkbase at http://splunkbase.splunk.com/app/3197.
Discuss the Splunk Add-on for Check Point OPSEC LEA on Splunk Answers at http://answers.splunk.com/answers/app/3197.
Source types for the Splunk Add-on for Check Point OPSEC LEA
This documentation applies to the following versions of Splunk® Supported Add-ons: released