Release notes for the Splunk Add-on for Check Point Log Exporter¶
Version 1.2.0 of the Splunk Add-on for Check Point Log Exporter was released on February 15, 2024.
About this release¶
Version 1.2.0 of the Splunk Add-on for Check Point Log Exporter is compatible with the following software, CIM versions, and platforms.
| Component | Description |
|---|---|
| Splunk platform versions | 9.0.x, 9.1.x |
| CIM | 5.3.1 |
| Platforms | Platform independent |
| Vendor Products | Check Point Software R81, R81.10, R81.20; Check Point Endpoint client versions E84.30, E86.20, E87.50; Check Point Management server versions R80.40, R81.10, R81.20 |
New features¶
- Added support for Check Point Log Exporter on R81.20
- Events related to "logout" are now mapped to the Change:Account_Management data model instead of Change:All_Changes
- Modified the CIM field extractions for file_name and file_path:
  - file_name now contains only the name of the file, without its directory path
  - file_path now contains the absolute path of the file, including the file_name
- In events with source checkpoint:ids_malware, events whose protection_type = "URL Reputation" now fall under the Web CIM data model instead of the Malware or Intrusion Detection data model
- Enhanced extractions for the user-related fields user, user_name, src_user, and src_user_name:
  - If the event carries a user value such as "john doe (jdoe)", user_name and src_user_name are extracted as "john doe", and user and src_user are extracted as "jdoe"
  - Otherwise the extracted values are left intact
- Enhanced extraction of the result CIM field for better coverage of checkpoint:audit source events
- Added support for the latest CIM version, v5.3.1
- Updated the SC4S filter for compatibility with the new Check Point blade data
- Added support for new Check Point blades; the source and CIM data model assigned to each are listed below
| Product | source | Data model supported |
|---|---|---|
| Check Point GO Password Reset | checkpoint:audit | Change |
| Database Tool | checkpoint:audit | Change |
| cpmidu_update_tool | checkpoint:audit | Change |
| query-datebase | checkpoint:audit | Change |
| FG VPN-1 & FireWall-1 | checkpoint:firewall | Network Traffic |
| Qos | checkpoint:firewall | Network Traffic |
| MTA | checkpoint:email | |
| Anti Spam and Email Security | checkpoint:email | |
| Anti Phishing | checkpoint:email | |
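The two extraction changes above, the file_name/file_path split and the "display name (account)" user split with its leave-intact fallback, expressed as plain Python so the documented behaviour can be checked against sample values. This is an added illustration, not the add-on's own props/transforms configuration: the regex, the function names, the assumption that the raw event carries the full path in a `file_name` key and the user values in `user` / `src_user` keys, and the Windows-versus-POSIX path handling are all assumptions made here, and the sample events are constructed.

```python
import re
from pathlib import PurePosixPath, PureWindowsPath

# Assumed pattern for "display name (account)" user values such as
# "john doe (jdoe)". Illustrative only; not the add-on's actual regex.
USER_WITH_ACCOUNT = re.compile(r"^(?P<name>.+?)\s*\((?P<account>[^()]+)\)\s*$")


def split_user(value):
    """Return (user, user_name) for one raw user value.

    "john doe (jdoe)" -> ("jdoe", "john doe"). Any value that does not carry
    a parenthesised account is left intact in both fields, which is the
    documented fallback.
    """
    m = USER_WITH_ACCOUNT.match(value)
    if m:
        return m.group("account").strip(), m.group("name").strip()
    return value, value


def split_file(path):
    """Return (file_name, file_path) for one raw file path.

    file_path keeps the absolute path including the file name; file_name is
    only the last component. Endpoint events can carry Windows paths, so the
    separator decides which pure-path flavour parses it (assumption).
    """
    p = PureWindowsPath(path) if "\\" in path else PurePosixPath(path)
    return p.name, path


def cim_fields(event):
    """Derive the CIM user and file fields described in the release notes
    from one parsed Log Exporter event (a dict of raw key/value pairs).

    Raw key names ("user", "src_user", "file_name") are assumptions. Only
    fields present in the event are emitted, so the function can run over
    any sourcetype without inventing values.
    """
    out = {}
    if "user" in event:
        out["user"], out["user_name"] = split_user(event["user"])
    if "src_user" in event:
        out["src_user"], out["src_user_name"] = split_user(event["src_user"])
    if "file_name" in event:
        out["file_name"], out["file_path"] = split_file(event["file_name"])
    return out


# Constructed sample events, not captured Check Point data.
SAMPLE_EVENTS = [
    {"src_user": "john doe (jdoe)",
     "file_name": r"C:\Users\jdoe\Downloads\invoice.exe"},
    {"user": "svc_backup", "file_name": "/var/tmp/payload.sh"},
    {"user": "jane roe (jroe)"},
]


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(cim_fields(ev))
```

Running the block prints the derived fields for each constructed event; the third event shows the user split applied on its own, and the second shows both fallbacks (no account in parentheses, POSIX path).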
Fixed issues¶
Version 1.2.0 of the Splunk Add-on for Check Point Log Exporter contains the following fixed issues:
- Resolved a reference cycle in the lookups for the cp_log and cp_log:syslog sourcetypes.
Known issues¶
Version 1.2.0 of the Splunk Add-on for Check Point Log Exporter has the following known issues. If none appear, none have been reported.