Check Point Collection: The Basics

Document created by RSA Information Design and Development Employee on Nov 22, 2016Last modified by RSA Information Design and Development Employee on May 4, 2017
Version 10Show Document
  • View in full screen mode


This guide tells you how to configure Check Point collection protocol which collects events from a Check Point event source such as a firewall or Check Point Log Manager.

How Check Point Collection Works

The Log Collector service collects events from Check Point event sources using OPSEC LEA. OPSEC LEA is the Check Point Operations Security Log Export API that facilitates the extraction of logs.

Deployment Scenario

The following figure illustrates how you deploy the Check Point Collection Protocol in Security Analytics.


Configure Check Point Collection Protocol in Security Analytics

You configure to the Log Collector to use Check Point collection for an event source in the event Source tab of the Log Collector parameter view.  The following figure the basic workflow for configuring an event source for Check Point Collection in Security Analytics.  Please refer to:


Access the Services view.


Select a Log Collection service.
Click AdvcdExpandBtn.PNGunder Actions and select View > Config to display the Log Collection configuration parameter tabs.


Click the Event Sources tab.
Select Check Point as the collection protocol and select Config.
Click Icon-Add.png and select Check Point as the event source category.

The event source category is part of the content you downloaded from LIVE.


Select the Check Point category and click Icon-Add.png.


Specify the basic parameters required for the Check Point event source.
Click AdvcdExpandBtn.PNGand specify additional parameters that enhance how the Check Point protocol handles event collection for the event source.

Configure Event Sources to Use Check Point Collection Protocol

You need to configure each event source that uses the Check Point Collection protocol to communicate with Security Analytics (see Step 1. Configure Check Point Event Sources to Send Events to Security Analytics).

Next Topic:Procedures
You are here
Table of Contents > Check Point Collection Configuration Guide > The Basics