Analytics & Use Cases

After Logpoint ingests your logs, you can:

  • Use Search to access and view events.

  • Access and view events in real time through Dashboards.

  • Set up Reports.

Search Templates are GUI-based search queries that use base queries or placeholders that are filled in at run time. You can add multiple base queries to a search template and use them to run search queries or create dashboard widgets.

To learn how to create a search query and search template, go to Build a Search Query.

To retrieve and view logs fetched by OPSEC Fetcher, enter:

col_type = opsec

Sample OPSEC Log

To retrieve and view logs fetched by OPSEC Fetcher:

col_type = opseca

Sample Adhoc OPSEC Log

Dashboards

Dashboards give you log source data visualization updated in real-time. Out-of-the-box dashboards included with the integration are termed Vendor Dashboards.

You can also create your own dashboard. For details, go to Dashboards.

CheckPoint Firewall has two vendor dashboards:

LP_CheckPoint Firewall

| Widget Name | Description |
| --- | --- |
| Top 10 Allowed Source Addresses | The top 10 allowed source addresses ranked by the number of incoming connections |
| Top 10 Allowed Destination Addresses | The top 10 destination addresses ranked by the number of outgoing connections |
| Top 10 Denied Source Addresses | The top 10 source addresses ranked by the number of denied incoming connections |
| Top 10 Denied Destination Addresses | The top 10 destination addresses ranked by the number of denied outgoing connections |
| Allowed/Denied Connections by IP | The devices where connection is allowed or denied |
| Top 10 Encrypted Connections | The top 10 encrypted connections by their number |
| Top 10 Decrypted Connections | The top 10 decrypted connections by their number |
| Top 10 Dropped Connections | The top 10 dropped connections by their number |
| IP-Port Changed - List | The IP and port change details per user |
| Secure Remote Login | The secure remote logins between the source address and destination address per user |
| Log Count by Severity - Timetrend | The event count ranked by the severity from the last 24 hours |
| Log Count - Timetrend | The event count from the last 24 hours |
| Top Actions | The top 10 actions performed by firewall devices |
| Top Protocols | The top 10 protocols used in firewall devices |

LP_CheckPoint Firewall Opsec

| Widget Name | Description |
| --- | --- |
| CheckPoint Actions | The event count grouped by actions in the last one hour |
| Top 10 Allowed Inbound Connection by Countries | The top 10 countries from where connection to the internal network is allowed |
| Top 10 Allowed Outbound Connection by Countries | The top 10 countries to where the connection from the internal network is allowed |
| Top 10 Denied Inbound Connection by Countries | The top 10 countries from where the connection to the internal network is denied |
| Top 10 Denied Outbound Connection by Countries | The top 10 countries to where the connection from the internal network is denied |
| Denied Connection - list | The details of top 10 denied connections |
| Top 10 Protocols | The top 10 protocols used in Firewall devices |
| Top 10 Denied Destination Ports | The top 10 destination ports ranked by the number of denied connections |
| Top 10 Firewall Rules Hit | The top 10 firewall rules associated with connections |
| Top 10 Services | The top 10 services performed by firewall devices |
| Top 10 Destination Countries by Service | The top 10 countries ranked by the number of services performed by firewall devices |

Add a Dashboard

After you add the vendor dashboard, you can make a copy of the dashboard and apply any changes that you want.

Adding the CheckPoint Firewall Dashboards

  1. Open Dashboard settings

    1. Go to Settings >> Knowledge Base from the navigation bar and click Dashboard.

  2. Choose Vendor Dashboard

    1. Select VENDOR DASHBOARD from the drop-down.

  3. Use the vendor dashboard

    1. Click the Use icon from Actions.

  4. Choose Repos

    1. Click Choose Repos.

  5. Select repository

    1. Select the repo configured to store the CheckPoint Firewall logs and click Done.

  6. Select and confirm dashboard

    1. Select the dashboard by its name and click Ok.

    2. The dashboards are located under Dashboards.

CheckPoint Firewall Security Reports

Logpoint reports are a collection of data, events and findings based on search result data and are manually generated or automatically scheduled and run.

For more information on how to work with reports, go to Reports.

There are two out-of-the-box reports:

  • LP_CheckPoint Firewall

  • LP_CheckPoint Firewall Opsec

Generating the CheckPoint Firewall Reports

  1. Go to Report >> Report Templates from the navigation bar.

  2. Under the Vendor Report Templates, click the Use icon.

  3. Click the Run this Report icon.

  4. Select Repos, Time Zone, Time Range and Export Type.

  5. Enter Email.

  6. Click Submit.


We do our best to ensure that the content we provide is complete, accurate and up to date. Logpoint makes no representations or warranties of any kind, express or implied about the documentation. We update it on a best-effort basis.
