Big news! The community will be moving to a new platform April 21. Read more.
Big news! The community will be moving to a new platform April 21. Read more.
This website uses cookies. By continuing to browse or login to this website, you consent to the use of cookies. Learn more.
OK
gvaltas
Captain
Captain
‎2021-02-22 10:18
106 views

ArcSight - Integration with Checkpoint Sandblast Agent Logs

Hi all,

Have ever anyone integrated Sandblast agent alert logs (EDR solution from CheckPoint) with ArcSight?

In the following link: https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/SandBlast-Agent-Admin-Guide/Topics-SBA-AG/Log-Exporter.htm?TocPath=_____19

it is mentioned that Log Exporter can be used for log extraction and sent to remote syslog server using CEF format.

I have tested the Log Exporter for the rest of the Checkpoint Logs (Log Exporter CEF/Management Console) but not the Sandblast agent logs.

Thank you,

Greg

Reply
Report Inappropriate Content
0 Replies
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.