LSO: Syslog - Check Point Log Exporter (Mapping Doc)
This document explains the changes required to apply new Message Processing Engine (MPE) rules developed during the Log Source Optimization (LSO) project for the Syslog - Check Point Log Exporter log source type.
Vendor Documentation
Prerequisites
Download and apply the Knowledge Base. For more information, see KB Synchronization Settings for LSO.
- Enable the new MPE rules in the LogRhythm System Monitor.
Select log source type Syslog - Check Point Log Exporter.
Enable log processing policy LogRhythm Default v2.0.
For details on how to enable LogRhythm Default v2.0, see Apply LogRhythm Default v2.0 on a Log Source.
Supported Log Messages
The following table lists the log message types supported in the current MPE rules. Each page contains detailed information on parsing changes and new log processing settings.
Log Message Type | Event Type |
| Anti-Malware | General Threat Protection Event |
| Application Control | General Network Traffic |
| Application Control URL Filtering | Application Control Detection |
| Connectra Logs | General Operations |
| Content Awareness | General File Monitoring Event |
| Data Loss Prevention | Data Loss Prevention Activity |
| Forensics Events | Vuln Low Severity : Forensics |
| HTTPS Inspection | Inspect Packet |
| Identity Awareness | General Firewall Log |
| Identity Logging | General User Activity Monitor Event |
| Log Update | Log Statistics |
| MTA Events | General Information |
| New Anti-Virus | General Firewall Log |
| SmartDefense | General Firewall Log |
| Syslog Message | General Syslog Message |
| Threat Emulation | General Threat Protection Event |
| Threat Extraction Events | General Threat Message |
| URL Filtering | General Firewall Log |
| WEB_API | General Information |
Log Processing Policy Updates
This section details log processing policy updates made to AIE Rules, system reports and templates, tails, and investigations as part of LSO.
Updates to AIE Rules
- No changes.
Updates to System Reports
- No changes.
Updates to System Investigations
- No changes.
Updates to System Report Templates
- No changes.
Updates to System Tails
- No changes.