Check Point Firewall Template
Using the Standard Datasource Events
The following table shows the Standard Datasource Events on which the template can be used to control the information that is received and actioned in your security schema.
|
Action |
Subaction |
Condition (Line Matching) |
| User Activity | ||
|
Logoff |
Logoff |
|
| Successful Login | Interactive Login | |
| Successful Login | Successful Login | |
| Successful Login | Successful VPN Login | |
| Network Access | Network Access Accepted | |
| Network Access | Network Access Blocked | |
| Network Access | Network Access Ended | |
| Network Access | Network Access Monitored | |
| Network Access | Network Access Quarantined | |
| Network Access | Network Access Suspended | |
| Network Access | Network Connection Decrypted | |
| Network Access | Network Connection Encrypted | |
| Network Access | Network Connection Routed | |
| Network Access | Traffic Bypass | |
| Network Access | Traffic Impact | |
| Network Access | Network Access Rejected | |
Standard Datasource Events Variable Selections and Mapping
These fields configure how the original event fields are mapped into the normalized variables using the CEF Syslog Receiver. If you want to enrich the event using default values, leave the "Value" text box empty and the configured "Default Value" will be used instead.
| VARIABLE | VALUE |
|---|---|
| Event Time (Source Timezone) | [Event.Event_Time_(Source_Timezone)] |
| Event Timezone Offset | [Event.Event_timezone_offset] |
| Complete Message | [Event.Raw_Message] |
| Protocol | [CEF.app] |
| Destination Machine Name | [CEF.dhost] |
| User Name | [CEF.duser] |
| Operator Name | [CEF.suser] |
| Source Machine Name | [CEF.shost] |
|
Additional Information 1 |
[CEF.msg] |
| User Group/Role | [CEF.cs3] |
| Variable 01 | [CEF.cs1Label]: [CEF.cs1] |
| Variable 02 | [CEF.cs2Label]: [CEF.cs2] |
| Variable 03 | [CEF.cs3Label]: [CEF.cs3] |
| Variable 04 | [CEF.cs4Label]: [CEF.cs4] |
| Variable 05 | [CEF.cs5Label]: [CEF.cs5] |
| Variable 06 | [CEF.cs6Label]: [CEF.cs6] |
| Variable 07 | [CEF.flexNumber1Label]: [CEF.flexNumber1] |
| Variable 08 | [CEF.flexNumber2Label]: [CEF.flexNumber2] |
| Variable 09 | [CEF.flexString1Label]: [CEF.flexString1] |
| Variable 10 | [CEF.flexString2Label]: [CEF.flexString2] |
| Object Name | [CEF.fname] |
| Additional Information 2 | [CEF.reason] |
| Variable 11 | [CEF.request] |
| Variable 12 | [CEF.requestClientApplication] |
| Variable 13 | [CEF.requestContext] |
| Variable 14 | [CEF.requestCookies] |
| Variable 15 | [CEF.requestMethod] |
| Source Machine IP Address | [CEF.src] |
| Destination Machine IP Address | [CEF.dst] |
| Variable 16 | Source Port: [CEF.spt] |
| Variable 17 | Destination Port: [CEF.dpt] |