
checkpoint: improve front page documentation #5627

Merged
merged 1 commit into from
Mar 25, 2023
46 changes: 37 additions & 9 deletions packages/checkpoint/_dev/build/docs/README.md
@@ -1,21 +1,49 @@
# Check Point Integration

This integration is for [Check Point](https://sc1.checkpoint.com/documents/latest/APIs/#introduction~v1.8%20) products. It includes the
following datasets for receiving logs:
The Check Point integration allows you to monitor [Check Point](http://checkpoint.com/) Firewall logs from appliances running [Check Point Management](https://sc1.checkpoint.com/documents/latest/APIs/#introduction~v1.9%20).

- `firewall` dataset: consists of log entries from the [Log Exporter](
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk122323)
in the Syslog format.
Use the Check Point integration to collect and parse firewall event logs. Then visualize that data in Kibana, create alerts to notify you if something goes wrong, and reference the firewall data stream when troubleshooting an issue.

For example, you could use the data from this integration to spot unusual network activity and malicious traffic on your network. You could also use the data to review or troubleshoot the rules that have been set up to block these activities. You can do this by looking at additional context in the logs, such as the source of the requests, and more.

## Data streams

The Check Point integration collects one type of data: logs.

**Logs** help you keep a record of events logged by your firewall device.
Logs collected by the Check Point integration include all logged network events specified by the firewall's rules. See more details in the [Logs reference](#logs-reference).

## Compatibility
## Requirements

You need Elasticsearch for storing and searching your data and Kibana for visualizing and managing it.
You can use our hosted Elasticsearch Service on Elastic Cloud, which is recommended, or self-manage the Elastic Stack on your own hardware.

You will need one or more Check Point Firewall appliances to monitor.

### Compatibility

This integration has been tested against Check Point Log Exporter on R80.X and R81.X.

## Setup

1. Install Elastic Agent on a host between your Check Point Log Exporter instance and Elastic Cluster. The agent will be used to receive syslog data from your Check Point firewalls and ship the events to Elasticsearch.
2. For each firewall device you wish to monitor, create a new [Log Exporter/SIEM object](https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_LoggingAndMonitoring_AdminGuide/Topics-LMG/Log-Exporter-Configuration-in-SmartConsole.htm?tocpath=Log%20Exporter%7C_____2) in Check Point *SmartConsole*. Set the target server and target port to the Elastic Agent IP address and port number. Set the protocol to UDP or TCP, the Check Point integration supports both. Set the format to syslog.
3. Configure the Management Server or Dedicated Log Server object in *SmartConsole*.
4. Install the database within *SmartConsole* (steps included in the Checkpoint docs linked above).
5. Within Kibana, browse to Integrations and locate the Check Point integration, and 'Add Check Point'
6. Configure the TCP or UDP input, depending on the protocol you configured Check Point to use.
7. Add a certificate if using Secure Syslog over TCP with TLS (optional)
8. Add integration to a New/Existing policy.
9. Browse to dashboard/discover to validate data is flowing from Check Point.

This module has been tested against Check Point Log Exporter on R80.X and R81.X.
For step-by-step instructions on how to set up an integration, see the
[Getting started](https://www.elastic.co/guide/en/welcome-to-elastic/current/getting-started-observability.html) guide.

## Logs
## Logs reference

### Firewall

Consists of log entries from the Log Exporter in the Syslog format.
The Check Point integration collects data in a single data stream, the **firewall** data set. This consists of log entries from the [Log Exporter](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk122323) in the Syslog format.

{{event "firewall"}}
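Review bot: the new vendor link in the opening paragraph points at plain `http://checkpoint.com/`; use `https://www.checkpoint.com/` so the documentation does not direct readers over an unencrypted scheme when the site is served over HTTPS. Also in this hunk: step 2's "Set the protocol to UDP or TCP, the Check Point integration supports both." is a comma splice (suggest "Set the protocol to UDP or TCP; the integration supports both."), and steps 5, 7 and 8 lack the terminal periods the other steps have. Since step 7 is where TLS first appears, it would help readers to state there that syslog over plain UDP or TCP is neither encrypted nor authenticated, so the Secure Syslog over TLS option should be preferred whenever the Log Exporter and the Elastic Agent host are not on the same trusted network segment. Minor: the Logs reference paragraph calls it "the **firewall** data set" while the intro says "firewall data stream"; pick one term, and "Checkpoint docs" in step 4 should read "Check Point docs" to match the rest of the page.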

5 changes: 5 additions & 0 deletions packages/checkpoint/changelog.yml
@@ -1,4 +1,9 @@
# newer versions go on top
- version: "1.18.0"
changes:
- description: Improve documentation.
type: enhancement
link: https://github.com/elastic/integrations/pull/5627
- version: "1.17.0"
changes:
- description: Add dashboards.
46 changes: 37 additions & 9 deletions packages/checkpoint/docs/README.md
@@ -1,21 +1,49 @@
# Check Point Integration

This integration is for [Check Point](https://sc1.checkpoint.com/documents/latest/APIs/#introduction~v1.8%20) products. It includes the
following datasets for receiving logs:
The Check Point integration allows you to monitor [Check Point](http://checkpoint.com/) Firewall logs from appliances running [Check Point Management](https://sc1.checkpoint.com/documents/latest/APIs/#introduction~v1.9%20).

- `firewall` dataset: consists of log entries from the [Log Exporter](
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk122323)
in the Syslog format.
Use the Check Point integration to collect and parse firewall event logs. Then visualize that data in Kibana, create alerts to notify you if something goes wrong, and reference the firewall data stream when troubleshooting an issue.

For example, you could use the data from this integration to spot unusual network activity and malicious traffic on your network. You could also use the data to review or troubleshoot the rules that have been set up to block these activities. You can do this by looking at additional context in the logs, such as the source of the requests, and more.

## Data streams

The Check Point integration collects one type of data: logs.

**Logs** help you keep a record of events logged by your firewall device.
Logs collected by the Check Point integration include all logged network events specified by the firewall's rules. See more details in the [Logs reference](#logs-reference).

## Compatibility
## Requirements

You need Elasticsearch for storing and searching your data and Kibana for visualizing and managing it.
You can use our hosted Elasticsearch Service on Elastic Cloud, which is recommended, or self-manage the Elastic Stack on your own hardware.

You will need one or more Check Point Firewall appliances to monitor.

### Compatibility

This integration has been tested against Check Point Log Exporter on R80.X and R81.X.

## Setup

1. Install Elastic Agent on a host between your Check Point Log Exporter instance and Elastic Cluster. The agent will be used to receive syslog data from your Check Point firewalls and ship the events to Elasticsearch.
2. For each firewall device you wish to monitor, create a new [Log Exporter/SIEM object](https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_LoggingAndMonitoring_AdminGuide/Topics-LMG/Log-Exporter-Configuration-in-SmartConsole.htm?tocpath=Log%20Exporter%7C_____2) in Check Point *SmartConsole*. Set the target server and target port to the Elastic Agent IP address and port number. Set the protocol to UDP or TCP, the Check Point integration supports both. Set the format to syslog.
3. Configure the Management Server or Dedicated Log Server object in *SmartConsole*.
4. Install the database within *SmartConsole* (steps included in the Checkpoint docs linked above).
5. Within Kibana, browse to Integrations and locate the Check Point integration, and 'Add Check Point'
6. Configure the TCP or UDP input, depending on the protocol you configured Check Point to use.
7. Add a certificate if using Secure Syslog over TCP with TLS (optional)
8. Add integration to a New/Existing policy.
9. Browse to dashboard/discover to validate data is flowing from Check Point.

This module has been tested against Check Point Log Exporter on R80.X and R81.X.
For step-by-step instructions on how to set up an integration, see the
[Getting started](https://www.elastic.co/guide/en/welcome-to-elastic/current/getting-started-observability.html) guide.

## Logs
## Logs reference

### Firewall

Consists of log entries from the Log Exporter in the Syslog format.
The Check Point integration collects data in a single data stream, the **firewall** data set. This consists of log entries from the [Log Exporter](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk122323) in the Syslog format.

An example event for `firewall` looks as following:
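Review bot: this file matches packages/checkpoint/_dev/build/docs/README.md line for line except that `{{event "firewall"}}` has been rendered into "An example event for `firewall` looks as following:", so it is the generated output of that template. Any wording fixes made to the template (the plain-HTTP vendor link, the comma splice in step 2, the missing periods on steps 5, 7 and 8) need to be carried into this file by regenerating it rather than by hand-editing, or the two copies will drift; as submitted, the two hunks are in sync.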

2 changes: 1 addition & 1 deletion packages/checkpoint/manifest.yml
@@ -1,6 +1,6 @@
name: checkpoint
title: Check Point
version: "1.17.0"
version: "1.18.0"
release: ga
description: Collect logs from Check Point with Elastic Agent.
type: integration