Splunk® Supported Add-ons

Splunk Add-on for Check Point Log Exporter

Release notes for the Splunk Add-on for Check Point Log Exporter

Version 1.2.0 of the Splunk Add-on for Check Point Log Exporter was released on February 15, 2024.

About this release

Version 1.2.0 of the Splunk Add-on for Check Point Log Exporter is compatible with the following software, CIM versions, and platforms.

Splunk platform versions 9.0.x, 9.1.x
CIM 5.3.1
Platforms Platform independent
Vendor Products Check Point Software R81, R81.10, R81.20, Check Point Endpoint client version E84.30, E86.20, E87.50, Check Point Management server version: R80.40, R81.10, R81.20

New Features

  • Added support for Checkpoint Log Exporter server vR81.20
  • Events related to "logout" will now be mapped under Change:Account_Management DM instead of Change:All_Changes
  • Modified CIM field extractions for file_name & file_path
    • file_name will now contain only the name of the file and not the path of the file
    • file_path value will have the absolute path of the file including the file_name
  • In events of source checkpoint:ids_malware, the events which have protection_type = "URL Reputation" will now fall under Web CIM data model instead of Malware or Intrusion Detection data model
  • Enhanced extractions for user related fields - user, user_name, src_user, src_user_name
    • If the event has user detail such as "john doe (jdoe)", then user_name, src_user_name will be extracted as "john doe" and user, src_user will be extracted as "jdoe".
    • Else the extracted values will be intact.
  • Enhanced extraction of "result" CIM field for better coverage in checkpoint:audit source events
  • Provided support of the latest CIM version - v5.3.1
  • Updated SC4S filter for compatibility with new Checkpoint Blade data
  • Added support of new Checkpoint Blades and the details of assigned source and CIM data models are mentioned below
Product source Data model supported
Check Point GO Password Reset checkpoint:audit Change
Database Tool checkpoint:audit Change
cpmidu_update_tool checkpoint:audit Change
query-datebase checkpoint:audit Change
FG VPN-1 & FireWall-1 checkpoint:firewall Network Traffic
Qos checkpoint:firewall Network Traffic
MTA checkpoint:email Email
Anti Spam and Email Security checkpoint:email Email
Anti Phishing checkpoint:email Email



Fixed issues

Version 1.2.0 of the Splunk Add-on for Check Point Log Exporter contains the following fixed issues:

  • Resolved reference cycle issue in the lookups for the sourcetypes cp_log and cp_log:syslog.
Date resolved Issue number Description
2024-02-07 ADDON-59604 Issue in file_path field extraction

Known issues

Version 1.2.0 of the Splunk Add-on for Check Point Log Exporter has the following known issues. If none appear, none have been reported:


Third-party software attributions

Version 1.2.0 of the Splunk Add-on for Check Point Log Exporter does not incorporate any third-party libraries.

Last modified on 20 February, 2024
Source types for the Splunk Add-on for Check Point Log Exporter   Release history for Check Point Log Exporter

This documentation applies to the following versions of Splunk® Supported Add-ons: released

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters