You can send Check Point Firewall data to InsightIDR in multiple ways: syslog, a log aggregator, or the traditional OPSEC LEA. Regardless of how you decide to configure it, InsightIDR will also support parsing JSON from Check Point.

Send to Syslog

For versions R80 and higher, you can use syslog to send data from Check Point to InsightIDR. This configuration is much simpler than OPSEC LEA and is the recommended way if you are on the latest version.

You must enable and configure your Check Point firewall to send syslog to a server. When configuring Syslog properties, make sure that you choose Syslog from the 'Version' dropdown.

When you use syslog, InsightIDR will parse out the following log types:

How to Configure This Event Source in InsightIDR

1. From your dashboard, select Data Collection on the left-hand menu.
2. When the Data Collection page appears, click the Setup Event Source dropdown and choose Add Event Source.
3. From the “Security Data” section, click the Firewall icon.
4. Choose your collector and event source.