Hi experts,
I have doubt on how to ingest logs for checkpoint harmony to google chronicle, as I couldn't find any option to ingest these logs via API
Solved
Checkpoint harmony integration to google chronicle
+3- Bronze 1
Best answer by matthewnichols
Hey @Jay_Tee
There are two ways to ingest Check Point Harmony logs into the Secops SIEM. Hope this helps answer your question.
1. Forwarder:
- The Secops forwarder is an agent installed on your network that collects logs from various sources, including Check Point Harmony appliances, and forwards them to Secops.
- The forwarder supports various input formats, including syslog, file, and packet capture.
- To ingest Check Point Harmony logs using the forwarder, you need to configure it to collect logs from your Harmony appliances in syslog format.
- Instructions for installing and configuring the forwarder can be found in the Secops documentation.
2. Data Feed:
- Secops supports data feeds, which pull data from static external locations (e.g., Amazon S3) or third-party APIs.
- To ingest Check Point Harmony logs using a data feed, you need to configure a feed to pull logs from your Harmony appliances.
- Check Point Harmony supports syslog and KV formats.
- Instructions for setting up data feeds can be found in the Secops documentation.
Choosing the Best Option:
The best option for you depends on your specific needs and environment.
- Forwarder: A good option if you prefer a single agent to collect logs from multiple sources.
- Data Feed: A good option if you prefer a dedicated feed for each data source.
Source: Google Security Operations data ingestion | Google Cloud
+20- Community Manager
- Answer
Hey @Jay_Tee
There are two ways to ingest Check Point Harmony logs into the Secops SIEM. Hope this helps answer your question.
1. Forwarder:
- The Secops forwarder is an agent installed on your network that collects logs from various sources, including Check Point Harmony appliances, and forwards them to Secops.
- The forwarder supports various input formats, including syslog, file, and packet capture.
- To ingest Check Point Harmony logs using the forwarder, you need to configure it to collect logs from your Harmony appliances in syslog format.
- Instructions for installing and configuring the forwarder can be found in the Secops documentation.
2. Data Feed:
- Secops supports data feeds, which pull data from static external locations (e.g., Amazon S3) or third-party APIs.
- To ingest Check Point Harmony logs using a data feed, you need to configure a feed to pull logs from your Harmony appliances.
- Check Point Harmony supports syslog and KV formats.
- Instructions for setting up data feeds can be found in the Secops documentation.
Choosing the Best Option:
The best option for you depends on your specific needs and environment.
- Forwarder: A good option if you prefer a single agent to collect logs from multiple sources.
- Data Feed: A good option if you prefer a dedicated feed for each data source.
Source: Google Security Operations data ingestion | Google Cloud
+3- Bronze 1
Hey @Jay_Tee
There are two ways to ingest Check Point Harmony logs into the Secops SIEM. Hope this helps answer your question.
1. Forwarder:
- The Secops forwarder is an agent installed on your network that collects logs from various sources, including Check Point Harmony appliances, and forwards them to Secops.
- The forwarder supports various input formats, including syslog, file, and packet capture.
- To ingest Check Point Harmony logs using the forwarder, you need to configure it to collect logs from your Harmony appliances in syslog format.
- Instructions for installing and configuring the forwarder can be found in the Secops documentation.
2. Data Feed:
- Secops supports data feeds, which pull data from static external locations (e.g., Amazon S3) or third-party APIs.
- To ingest Check Point Harmony logs using a data feed, you need to configure a feed to pull logs from your Harmony appliances.
- Check Point Harmony supports syslog and KV formats.
- Instructions for setting up data feeds can be found in the Secops documentation.
Choosing the Best Option:
The best option for you depends on your specific needs and environment.
- Forwarder: A good option if you prefer a single agent to collect logs from multiple sources.
- Data Feed: A good option if you prefer a dedicated feed for each data source.
Source: Google Security Operations data ingestion | Google Cloud
Thank you for the advice!
Check Point Harmony now has an integration for ingesting logs into SecOps SIEM via SIEM's ingestion API. Information on setting up this integration can be found in Check Point Harmony's SIEM/SOAR Integration documentation page by expanding the "Supported Transport methods" section. Information on the SecOps SIEM ingestion API can be found in our SecOps SIEM documentation. Note that you will need an ingestion API service account credential for the integration, which can currently only be provided by a Google SecOps representative.
Check Point Harmony now has an integration for ingesting logs into SecOps SIEM via SIEM's ingestion API. Information on setting up this integration can be found in Check Point Harmony's SIEM/SOAR Integration documentation page by expanding the "Supported Transport methods" section. Information on the SecOps SIEM ingestion API can be found in our SecOps SIEM documentation. Note that you will need an ingestion API service account credential for the integration, which can currently only be provided by a Google SecOps representative.
May i know where can i get the API service account credential in SecOps Portal?
Login to the community
Login with SSO
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.