Overview
This document provides the steps to integrate your Checkpoint Firewall with Seceon SIEM so that you have comprehensive visibility and proactive threat detection in your environment. Logs are transferred from your firewall to the APE (Analytics and Policy Engine) via the CCE (Collection and Control Engine). This document covers the steps for Netflow forwarding.
Steps to Configure
    host 192.168.10.20 {
        facility all {
            level notice
        }
    }
Below is the preferred link:
Sending firewall logs to remote syslog | Ubiquiti Community
Verification of configuration
Verification can be done in two ways: either on the CCE or in the UI.
VERIFICATION THROUGH UI
1. Open UI >> Systems.
2. Drop down Systems and go to "logs and flows collection status".
3. Under the "Source device IP address" section, the configured device will be listed.
Verification Through CCE server
Run the command "sudo tcpdump -i any port 9995 and host <IP address> -AAA" on the CCE server to check whether or not logs are being received.
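To turn the CCE-side check into a yes/no answer instead of reading raw packet output, the following added example (not part of the original Seceon document) counts packets from one device to port 9995 in tcpdump text output. The function names are hypothetical, the sample capture lines are constructed, 192.168.10.1 is an assumed device address, and only IPv4 lines are parsed.

```shell
#!/bin/sh
# Count packets sent by one source IP to one destination port, reading
# `tcpdump -nn` text output on stdin. Handles both the classic line format
# and the newer `-i any` format that prefixes the interface and direction.
count_from_device() {
    awk -v ip="$1" -v port="$2" '
        # Only packet header lines start with a timestamp; skip payload lines.
        /^[0-9][0-9]:[0-9][0-9]:[0-9][0-9]\./ {
            for (i = 2; i < NF; i++) {
                if ($i != ">") continue
                src = $(i - 1); dst = $(i + 1)
                sub(/:$/, "", dst)                 # "a.b.c.d.port:" -> "a.b.c.d.port"
                n = split(src, s, "."); m = split(dst, d, ".")
                if (n == 5 && m == 5) {            # IPv4 address plus port
                    sip = s[1] "." s[2] "." s[3] "." s[4]
                    if (sip == ip && d[5] == port) count++
                }
                break
            }
        }
        END { print count + 0 }
    '
}

# Succeeds (exit status 0) when at least one matching packet was seen.
device_is_sending() {
    [ "$(count_from_device "$1" "$2")" -gt 0 ]
}

# Constructed sample capture: 192.168.10.1 is the assumed device,
# 192.168.10.20 the collector address from the configuration above.
sample_capture() {
    cat <<'EOF'
12:00:01.000101 IP 192.168.10.1.51234 > 192.168.10.20.9995: UDP, length 1464
12:00:01.000350 eth0  In  IP 192.168.10.1.51234 > 192.168.10.20.9995: UDP, length 1464
12:00:02.104410 IP 192.168.10.7.40000 > 192.168.10.20.9995: UDP, length 200
12:00:03.220918 IP 192.168.10.1.51234 > 192.168.10.20.514: UDP, length 98
EOF
}

# Live use on the CCE server (bounded to 20 packets or 30 seconds):
#   sudo timeout 30 tcpdump -l -nn -i any -c 20 port 9995 and host <IP address> \
#       | count_from_device <IP address> 9995
```

A count of 0 after the timeout means nothing from that device reached port 9995 on the CCE during the capture window.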