Support for CheckPoint Firewalls in Network Device Monitoring Data Source

What is a one sentence summary of your feature request?

Add support for CheckPoint firewalls as a Syslog data collection ‘Item’ within the Network Device monitoring module.

Please describe your idea in detail. What is your problem, why do you feel this idea is the best solution, etc.

We use the ‘Network Device Monitoring’ data source to monitor Cisco Meraki devices, and it works fantastic. Alerting on firewall changes in real time, specifically comparing old to new values, is definitely a weakness in our process. Being able to monitor/alert/report on firewall changes from CheckPoint firewalls would be a big value add for our security team.

How do you currently solve the challenges you have by not having this feature?

We currently build out custom reports from the centralized monitoring application provided by the vendor.

Hi Andy,

Support for CheckPoint firewalls within the Network Devices is a great idea — thanks for bringing this up.

To better understand how we can approach this, could you please provide the CheckPoint model and firmware version you’re currently using? Our existing modules are typically optimized for collecting authorization events and basic configuration changes.

Additionally, if you’re able to share a few sample Syslog messages from the CheckPoint device (with any sensitive data redacted), that would be extremely helpful. This will allow us to evaluate the format and content more quickly and determine how well we can integrate them into our product.

Thanks again for the suggestion — we look forward to your reply!

Best regards,
Evgenii