All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Does the Splunk Add-on for Check Point OPSEC LEA work with Checkpoint R80?

tallan
Engager
‎03-30-2016 09:12 AM

Will the Splunk Add-on for Check Point OPSEC LEA work with Checkpoint R80? We are in the process of doing an early upgrade on all Checkpoint managers and log servers to R80. The older version of Checkpoint that we were on, R77, is currently supported by the OPSEC LEA add-on and has functioned properly since installation, but I do not see any information or release dates for support of R80. Has anyone tried R80 and the OPSEC LEA add-on?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

larmesto
Path Finder
‎05-16-2016 06:29 AM

Splunk Add-on for Check Point OPSEC LEA does not support the r80 release of Check Point. The add-on requires 77.3 or earlier. regards

View solution in original post

Reply
Solved! Jump to solution

FrankVl
Ultra Champion
‎07-23-2018 02:03 AM

Given that R80 supports syslog forwarding, you might want to take a look a that. Could make your checkpoint data collection a lot easier. You'd need to create a custom TA for it, since the official add-on does not support the syslog format, but apart from the basic field extractions, you can re-use a lot of logic from the original TA.

0 Karma
Reply
Solved! Jump to solution

tonisaprano
New Member
‎07-23-2018 01:14 AM

But starting with version 4.0.0 release notes tell that Add-on supports R80. (vendor Products Check Point OPSEC LEA R76, R77, R80). Actually has anybody tried R80 and the OPSEC LEA add-on?

0 Karma
Reply
Solved! Jump to solution
Solution

larmesto
Path Finder
‎05-16-2016 06:29 AM

Splunk Add-on for Check Point OPSEC LEA does not support the r80 release of Check Point. The add-on requires 77.3 or earlier. regards

Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...