This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

Using Splunk as data source for Checkpoint logs

SharadSethi
Beginner
Beginner

‎2016-12-05 04:46 PM

Is anyone using Splunk as source for Checkpoint logs? It will be nice to know how their experience is with developing custom parser for CP logs via Splunk.

 

Also, it will be a good use case for RSA to develop a parser to take event logs from aggregator like Splunk.

0 Likes
1 REPLY 1

JoeGumke
Beginner
Beginner

‎2016-12-06 08:12 AM

Hey Sharad,

 

It might be worth checking out the CEF export app for splunk here : Splunk App for CEF | Splunkbase 

 

If you had splunk translate your checkpoint events into CEF, it would alleviate you of having to build an entirely new parser, and just modify the cef.xml parser in SA, or netwitness.

© 2022 RSA Security LLC or its affiliates. All rights reserved.