{
  "name": "checkpoint",
  "title": "Check Point",
  "version": "1.45.4",
  "release": "ga",
  "description": "Collect logs from Check Point with Elastic Agent.",
  "type": "integration",
  "download": "/epr/checkpoint/checkpoint-1.45.4.zip",
  "path": "/package/checkpoint/1.45.4",
  "icons": [
    {
      "src": "/img/checkpoint-logo.svg",
      "path": "/package/checkpoint/1.45.4/img/checkpoint-logo.svg",
      "title": "Check Point",
      "size": "761x341",
      "type": "image/svg+xml"
    }
  ],
  "conditions": {
    "kibana": {
      "version": "^8.11.0 || ^9.0.0"
    }
  },
  "owner": {
    "type": "elastic",
    "github": "elastic/integration-experience"
  },
  "categories": [
    "security",
    "network",
    "firewall_security"
  ],
  "signature_path": "/epr/checkpoint/checkpoint-1.45.4.zip.sig",
  "format_version": "3.0.3",
  "readme": "/package/checkpoint/1.45.4/docs/README.md",
  "license": "basic",
  "screenshots": [
    {
      "src": "/img/overview.png",
      "path": "/package/checkpoint/1.45.4/img/overview.png",
      "title": "Check Point - Overview",
      "size": "1024x1076",
      "type": "image/png"
    },
    {
      "src": "/img/addresses_and_ports.png",
      "path": "/package/checkpoint/1.45.4/img/addresses_and_ports.png",
      "title": "Check Point - Addresses and Ports",
      "size": "1024x1076",
      "type": "image/png"
    },
    {
      "src": "/img/time_and_traffic.png",
      "path": "/package/checkpoint/1.45.4/img/time_and_traffic.png",
      "title": "Check Point - Time and Traffic",
      "size": "1024x798",
      "type": "image/png"
    },
    {
      "src": "/img/time_and_place.png",
      "path": "/package/checkpoint/1.45.4/img/time_and_place.png",
      "title": "Check Point - Time and Place",
      "size": "1024x1041",
      "type": "image/png"
    }
  ],
  "assets": [
    "/package/checkpoint/1.45.4/LICENSE.txt",
    "/package/checkpoint/1.45.4/changelog.yml",
    "/package/checkpoint/1.45.4/manifest.yml",
    "/package/checkpoint/1.45.4/validation.yml",
    "/package/checkpoint/1.45.4/docs/README.md",
    "/package/checkpoint/1.45.4/img/addresses_and_ports.png",
    "/package/checkpoint/1.45.4/img/checkpoint-logo.svg",
    "/package/checkpoint/1.45.4/img/overview.png",
    "/package/checkpoint/1.45.4/img/time_and_place.png",
    "/package/checkpoint/1.45.4/img/time_and_traffic.png",
    "/package/checkpoint/1.45.4/kibana/tags.yml",
    "/package/checkpoint/1.45.4/data_stream/firewall/manifest.yml",
    "/package/checkpoint/1.45.4/data_stream/firewall/sample_event.json",
    "/package/checkpoint/1.45.4/docs/knowledge_base/service_info.md",
    "/package/checkpoint/1.45.4/kibana/dashboard/checkpoint-259c5770-bd5b-11ed-b58e-dda7b2de7340.json",
    "/package/checkpoint/1.45.4/kibana/dashboard/checkpoint-71094a90-bd49-11ed-b58e-dda7b2de7340.json",
    "/package/checkpoint/1.45.4/kibana/dashboard/checkpoint-840b87b0-bd68-11ed-bda5-b56d80cf13c4.json",
    "/package/checkpoint/1.45.4/kibana/dashboard/checkpoint-e4daa100-bcb1-11ed-b8ec-2fbdd87e0d2f.json",
    "/package/checkpoint/1.45.4/data_stream/firewall/fields/agent.yml",
    "/package/checkpoint/1.45.4/data_stream/firewall/fields/base-fields.yml",
    "/package/checkpoint/1.45.4/data_stream/firewall/fields/beats.yml",
    "/package/checkpoint/1.45.4/data_stream/firewall/fields/ecs.yml",
    "/package/checkpoint/1.45.4/data_stream/firewall/fields/fields.yml",
    "/package/checkpoint/1.45.4/data_stream/firewall/agent/stream/log.yml.hbs",
    "/package/checkpoint/1.45.4/data_stream/firewall/agent/stream/tcp.yml.hbs",
    "/package/checkpoint/1.45.4/data_stream/firewall/agent/stream/udp.yml.hbs",
    "/package/checkpoint/1.45.4/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml"
  ],
  "policy_templates": [
    {
      "name": "checkpoint",
      "title": "Check Point logs",
      "description": "Collect logs from Check Point instances",
      "inputs": [
        {
          "type": "logfile",
          "vars": [
            {
              "name": "paths",
              "type": "text",
              "title": "Paths",
              "multi": true,
              "required": true,
              "show_user": true
            },
            {
              "name": "internal_zones",
              "type": "text",
              "title": "Internal Zones",
              "multi": true,
              "required": false,
              "show_user": false,
              "default": [
                "trust"
              ]
            },
            {
              "name": "external_zones",
              "type": "text",
              "title": "External Zones",
              "multi": true,
              "required": false,
              "show_user": false,
              "default": [
                "untrust"
              ]
            }
          ],
          "title": "Collect Check Point firewall logs (input: logfile)",
          "description": "Collecting firewall logs from Check Point instances (input: logfile)"
        },
        {
          "type": "tcp",
          "vars": [
            {
              "name": "syslog_host",
              "type": "text",
              "title": "Syslog Host",
              "description": "The IP address or hostname for the Elastic Agent to listen on. Use `0.0.0.0` to listen on all available network interfaces, which makes the port reachable from every network the host is attached to.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": "localhost"
            },
            {
              "name": "syslog_port",
              "type": "integer",
              "title": "Syslog Port",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": 9001
            },
            {
              "name": "internal_zones",
              "type": "text",
              "title": "Internal Zones",
              "multi": true,
              "required": false,
              "show_user": false
            },
            {
              "name": "external_zones",
              "type": "text",
              "title": "External Zones",
              "multi": true,
              "required": false,
              "show_user": false
            }
          ],
          "title": "Collect Check Point firewall logs (input: tcp)",
          "description": "Collecting firewall logs from Check Point instances (input: tcp)"
        },
        {
          "type": "udp",
          "vars": [
            {
              "name": "syslog_host",
              "type": "text",
              "title": "Syslog Host",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": "localhost"
            },
            {
              "name": "syslog_port",
              "type": "integer",
              "title": "Syslog Port",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": 9001
            },
            {
              "name": "internal_zones",
              "type": "text",
              "title": "Internal Zones",
              "multi": true,
              "required": false,
              "show_user": false
            },
            {
              "name": "external_zones",
              "type": "text",
              "title": "External Zones",
              "multi": true,
              "required": false,
              "show_user": false
            }
          ],
          "title": "Collect Check Point firewall logs (input: udp)",
          "description": "Collecting firewall logs from Check Point instances (input: udp)"
        }
      ],
      "multiple": true
    }
  ],
  "data_streams": [
    {
      "type": "logs",
      "dataset": "checkpoint.firewall",
      "title": "Check Point firewall logs",
      "release": "ga",
      "ingest_pipeline": "default",
      "streams": [
        {
          "input": "udp",
          "vars": [
            {
              "name": "tags",
              "type": "text",
              "title": "Tags",
              "multi": true,
              "required": true,
              "show_user": false,
              "default": [
                "forwarded"
              ]
            },
            {
              "name": "preserve_original_event",
              "type": "bool",
              "title": "Preserve original event",
              "description": "Preserves a raw copy of the original event in the field `event.original`.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": false
            },
            {
              "name": "udp_options",
              "type": "yaml",
              "title": "Custom UDP Options",
              "description": "Specify custom configuration options for the UDP input.",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": "#read_buffer: 100MiB\n#max_message_size: 50KiB\n#timeout: 300s\n"
            },
            {
              "name": "processors",
              "type": "yaml",
              "title": "Processors",
              "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. They run in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.\n",
              "multi": false,
              "required": false,
              "show_user": false
            },
            {
              "name": "tz_offset",
              "type": "text",
              "title": "Timezone",
              "description": "IANA time zone or time offset (e.g. `+0200`) to use when interpreting syslog timestamps without a time zone.",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": "UTC"
            }
          ],
          "template_path": "udp.yml.hbs",
          "title": "Check Point firewall logs (syslog over UDP)",
          "description": "Collect Check Point firewall logs using udp input",
          "enabled": true,
          "ingestion_method": "Network Protocol"
        },
        {
          "input": "tcp",
          "vars": [
            {
              "name": "tags",
              "type": "text",
              "title": "Tags",
              "multi": true,
              "required": true,
              "show_user": false,
              "default": [
                "forwarded"
              ]
            },
            {
              "name": "preserve_original_event",
              "type": "bool",
              "title": "Preserve original event",
              "description": "Preserves a raw copy of the original event in the field `event.original`.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": false
            },
            {
              "name": "processors",
              "type": "yaml",
              "title": "Processors",
              "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. They run in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.\n",
              "multi": false,
              "required": false,
              "show_user": false
            },
            {
              "name": "ssl",
              "type": "yaml",
              "title": "SSL Configuration",
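              "description": "SSL/TLS configuration options for the TCP input. The default leaves every option commented out, so no TLS settings are applied until they are uncommented and set. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/configuration-ssl.html#ssl-common-config) for details.",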
              "multi": false,
              "required": false,
              "show_user": false,
              "default": "#certificate: \"/etc/server/cert.pem\"\n#key: \"/etc/server/key.pem\"\n"
            },
            {
              "name": "tcp_options",
              "type": "yaml",
              "title": "Custom TCP Options",
              "description": "Specify custom configuration options for the TCP input. See [TCP](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-tcp.html) for details.",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": "#max_connections: 1\n#framing: delimiter\n#line_delimiter: \"\\n\"\n"
            },
            {
              "name": "tz_offset",
              "type": "text",
              "title": "Timezone",
              "description": "IANA time zone or time offset (e.g. `+0200`) to use when interpreting syslog timestamps without a time zone.",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": "UTC"
            }
          ],
          "template_path": "tcp.yml.hbs",
          "title": "Check Point firewall logs (syslog over TCP)",
          "description": "Collect Check Point firewall logs using tcp input",
          "enabled": true,
          "ingestion_method": "Network Protocol"
        },
        {
          "input": "logfile",
          "vars": [
            {
              "name": "tags",
              "type": "text",
              "title": "Tags",
              "multi": true,
              "required": true,
              "show_user": false,
              "default": [
                "forwarded"
              ]
            },
            {
              "name": "preserve_original_event",
              "type": "bool",
              "title": "Preserve original event",
              "description": "Preserves a raw copy of the original event in the field `event.original`.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": false
            },
            {
              "name": "processors",
              "type": "yaml",
              "title": "Processors",
              "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. They run in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.\n",
              "multi": false,
              "required": false,
              "show_user": false
            },
            {
              "name": "tz_offset",
              "type": "text",
              "title": "Timezone",
              "description": "IANA time zone or time offset (e.g. `+0200`) to use when interpreting syslog timestamps without a time zone.",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": "UTC"
            }
          ],
          "template_path": "log.yml.hbs",
          "title": "Check Point firewall logs (log)",
          "description": "Collect Check Point firewall logs using log input",
          "enabled": true,
          "ingestion_method": "File"
        }
      ],
      "package": "checkpoint",
      "path": "firewall"
    }
  ]
}
