Are logs encrypted coming from source to the Envision box?
We have just started gathering Checkpoint logs. Since we are in a managed environment, these logs are coming across the internet. I am told it is a company-owned backbone and is secure, but I would be more comfortable if I knew they could not be hacked. We are using OPSEC authentication, but that only authenticates the endpoints. Are the logs readable as they cross the wire? What are my options?
It depends on the collection method. I gather that you are using syslog for your Checkpoint logs and, unfortunately, syslog logs are in the clear. From what I understand, only SFTP and Windows events collected using the new Windows eventing collector are/can be encrypted.
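
To check what a given log feed looks like on the wire, capture a few payloads on the link to the collector and classify them. The script below is an added example, not code from either poster or from the product; `classify_payload` and both sample payloads are constructed for illustration. It separates cleartext syslog (recognised by its `<PRI>` header and printable body) from a TLS record header.

```python
import re

# Syslog messages begin with a priority field "<0>" .. "<191>".
PRI_RE = re.compile(rb"^<(\d{1,3})>")
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}


def printable_ratio(body: bytes) -> float:
    """Fraction of bytes that are printable ASCII or common whitespace."""
    ok = sum(32 <= b < 127 or b in (9, 10, 13) for b in body)
    return ok / max(len(body), 1)


def classify_payload(payload: bytes) -> dict:
    """Classify one captured transport payload sent to a log collector."""
    m = PRI_RE.match(payload)
    if m and int(m.group(1)) <= 191:
        pri, body = int(m.group(1)), payload[m.end():]
        if printable_ratio(body) > 0.95:
            # Anyone on the path can read this text as-is.
            return {"kind": "cleartext-syslog", "facility": pri >> 3,
                    "severity": pri & 7,
                    "readable": body.decode("ascii", errors="replace")}
    # TLS record header: type(1) | version 0x03 0x00-0x04 | length(2)
    if (len(payload) >= 5 and payload[0] in TLS_CONTENT_TYPES
            and payload[1] == 3 and payload[2] <= 4):
        length = int.from_bytes(payload[3:5], "big")
        if length <= 16384 + 2048:  # maximum TLS ciphertext record size
            return {"kind": "tls-record",
                    "record_type": TLS_CONTENT_TYPES[payload[0]],
                    "length": length}
    return {"kind": "unknown"}


# Constructed samples (not captured from any real system).
SAMPLE_SYSLOG = (b"<134>Jan 12 10:15:02 fw01 kernel: action=accept "
                 b"src=192.0.2.10 dst=198.51.100.7 service=443")
SAMPLE_TLS = bytes([0x17, 0x03, 0x03, 0x00, 0x20]) + bytes(range(0x80, 0xA0))

if __name__ == "__main__":
    for name, p in (("cleartext", SAMPLE_SYSLOG), ("tls", SAMPLE_TLS)):
        print(name, classify_payload(p))
```

An `unknown` result means only that the payload is neither of these two shapes; a proprietary or binary protocol needs its own inspection before it is treated as encrypted.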