Requirements:
- This Add-on requires the separate 'Splunk Add-on for Check Point OPSEC LEA' version 4.3.1 (https://splunkbase.splunk.com/app/3197/) to be installed on a Heavy Forwarder, which retrieves the logs from the OPSEC LEA server.
Installation:
- The Enosys Add-on for Check Point OPSEC LEA should be installed on Search Heads and Indexers.
- Splunk Add-on for Check Point OPSEC LEA version 4.3.1 (https://splunkbase.splunk.com/app/3197/) must be installed on a Heavy Forwarder.
Known issues:
- (none)
Addressed Issues:
- Added an 'opsec' vendor action mapping with the action values that CIM expects
- Re-mapped the 'eventtypes' linked to the authentication, network and malware tags
| Splunk Enterprise versions | 7.2, 7.1, 7.0, 6.6 |
|---|---|
| CIM | 4.10, 4.11, 4.12 |
| Platforms | Platform independent |
| Vendor Products | Check Point |
Removed the application components; this is now purely a field-extraction TA, which allows for easier certification.
Designed for use on Search Heads only. The 'official' version, which ships the LEA binary, is still used locally for connectivity to Check Point servers.
Altered the formal version number to show that this is a fork, but preserved the original base version in the name so people can see at what point we started modifying the project.