Source types for the Splunk Add-on for Check Point Log Exporter
The Splunk Add-on for Check Point Log Exporter provides the following source types and CIM compatibility.
| Sourcetype | Event type | CIM compliance |
|---|---|---|
| cp_log | cp_tcp_attack | Intrusion Detection |
| cp_log | cp_network_communicate | Network Traffic |
| cp_log | cp_change | Change |
| cp_log | cp_change_audit | Change |
| cp_log | cp_logout_logs | Change |
| cp_log | cp_change_network | Change |
| cp_log | cp_alert | Alerts |
| cp_log | cp_malware_attack | Malware Attacks |
| cp_log | cp_ids_attack | Intrusion Detection |
| cp_log | cp_auth_logs | Authentication |
| cp_log | cp_endpoint_activity | Inventory |
| cp_log | cp_email_logs | |
| cp_log | cp_web | Web |
| cp_log:syslog | cp_tcp_attack | Intrusion Detection |
| cp_log:syslog | cp_network_communicate | Network Traffic |
| cp_log:syslog | cp_change | Change |
| cp_log:syslog | cp_change_audit | Change |
| cp_log:syslog | cp_logout_logs | Change |
| cp_log:syslog | cp_change_network | Change |
| cp_log:syslog | cp_alert | Alerts |
| cp_log:syslog | cp_malware_attack | Malware Attacks |
| cp_log:syslog | cp_ids_attack | Intrusion Detection |
| cp_log:syslog | cp_auth_logs | Authentication |
| cp_log:syslog | cp_endpoint_activity | Inventory |
| cp_log:syslog | cp_email_logs | |
| cp_log:syslog | cp_web | Web |