We recently on boarded checkpoint logs into splunk using the opsec addon. We are looking at filtering out the https inspection "product" or blade. We thought maybe it was lumped in with the firewall logs but we recently disabled that and are still seing https inspection logs. Any idea which input to disable?