LSO: Syslog - Check Point Log Exporter (Mapping Doc)

This document explains the changes required to apply new Message Processing Engine (MPE) rules developed during the Log Source Optimization (LSO) project for the Syslog - Check Point Log Exporter log source type. 

Vendor Documentation


Prerequisites

Supported Log Messages

The following table lists the log message types supported in the current MPE rules. Each page contains detailed information on parsing changes and new log processing settings.

| Log Message Type                  | Event Type                          |
|-----------------------------------|-------------------------------------|
| Anti-Malware                      | General Threat Protection Event     |
| Application Control               | General Network Traffic             |
| Application Control URL Filtering | Application Control Detection       |
| Connectra Logs                    | General Operations                  |
| Content Awareness                 | General File Monitoring Event       |
| Data Loss Prevention              | Data Loss Prevention Activity       |
| Forensics Events                  | Vuln Low Severity : Forensics       |
| HTTPS Inspection                  | Inspect Packet                      |
| Identity Awareness                | General Firewall Log                |
| Identity Logging                  | General User Activity Monitor Event |
| Log Update                        | Log Statistics                      |
| MTA Events                        | General Information                 |
| New Anti-Virus                    | General Firewall Log                |
| SmartDefense                      | General Firewall Log                |
| Syslog Message                    | General Syslog Message              |
| Threat Emulation                  | General Threat Protection Event     |
| Threat Extraction Events          | General Threat Message              |
| URL Filtering                     | General Firewall Log                |
| WEB_API                           | General Information                 |

Log Processing Policy Updates

This section details log processing policy updates made to AIE Rules, system reports and templates, tails, and investigations as part of LSO.

Updates to AIE Rules

  • No changes.

Updates to System Reports

  • No changes.

Updates to System Investigations

  • No changes.

Updates to System Report Templates

  • No changes.

Updates to System Tails

  • No changes.