Check Point
- 1: Anti-Bot
- 2: Anti-Malware
- 3: Anti-Phishing
- 4: Anti-Spam and Email Security
- 5: CPMI Client
- 6: cpmidu_update_tool
- 7: Database Tool
- 8: Edge Secure Web Gateway (Edge SWG)
- 9: Endpoint Compliance
- 10: Endpoint Management
- 11: Forensics
- 12: GO Password Reset
- 13: HTTPS Inspection
- 14: IPS
- 15: MDS Query Tool
- 16: Media Encryption & Port Protection
- 17: Mobile Access
- 18: Next-Generation Firewall (NGFW)
- 19: QoS
- 20: Quantum
- 21: Query Database
- 22: SmartConsole
- 23: SmartUpdate
- 24: Threat Emulation and Anti-Exploit
- 25: URL Filtering
- 26: Web API
1 - Anti-Bot
Anti-Bot: Detects and blocks botnet communications and command-and-control traffic to prevent malware infections.
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
label | value |
---|---|
vendor | checkpoint |
product | anti-bot |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
sourcetype | source | index |
---|---|---|
cp_log | checkpoint:endpoint | netops |
Sending data to Google SecOps
When sending the data collected from this source to a dynamic Google SecOps destination, Axoflow sets the following log type: CHECKPOINT_EDR.
2 - Anti-Malware
Anti-Malware: Protects endpoints from viruses, ransomware, and other malware using signature and behavior analysis.
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
label | value |
---|---|
vendor | checkpoint |
product | anti-malware |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
sourcetype | source | index |
---|---|---|
cp_log | checkpoint:endpoint | netops |
Sending data to Google SecOps
When sending the data collected from this source to a dynamic Google SecOps destination, Axoflow sets the following log type: CHECKPOINT_EDR.
3 - Anti-Phishing
Anti-Phishing: Prevents phishing attacks by analyzing email content and links to block credential theft attempts.
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
label | value |
---|---|
vendor | checkpoint |
product | anti-phishing |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
sourcetype | source | index |
---|---|---|
cp_log | checkpoint:email |
Sending data to Google SecOps
When sending the data collected from this source to a dynamic Google SecOps destination, Axoflow sets the following log type: CHECKPOINT_EMAIL.
4 - Anti-Spam and Email Security
Anti-Spam and Email Security: Blocks spam and malicious email content using reputation checks and email filtering techniques.
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
label | value |
---|---|
vendor | checkpoint |
product | antispam-emailsecurity |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
sourcetype | source | index |
---|---|---|
cp_log | checkpoint:email |
Sending data to Google SecOps
When sending the data collected from this source to a dynamic Google SecOps destination, Axoflow sets the following log type: CHECKPOINT_EMAIL.
5 - CPMI Client
CPMI Client: Legacy Check Point management client used to interface with security policies and logs.
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
label | value |
---|---|
vendor | checkpoint |
product | cpmi-client |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
sourcetype | index |
---|---|
cp_log | netops |
Sending data to Google SecOps
When sending the data collected from this source to a dynamic Google SecOps destination, Axoflow sets the following log type: CHECKPOINT_FIREWALL.
6 - cpmidu_update_tool
cpmidu_update_tool: Utility used to update configuration and database files for Check Point Multi-Domain environments.
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
label | value |
---|---|
vendor | checkpoint |
product | cpmidu-update-tool |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
sourcetype | source | index |
---|---|---|
cp_log | checkpoint:audit | netops |
Sending data to Google SecOps
When sending the data collected from this source to a dynamic Google SecOps destination, Axoflow sets the following log type: CHECKPOINT_FIREWALL.
7 - Database Tool
Database Tool: Command-line tool to extract, query, or update Check Point configuration and policy databases.
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
label | value |
---|---|
vendor | checkpoint |
product | database-tool |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
sourcetype | source | index |
---|---|---|
cp_log | checkpoint:audit | netops |
8 - Edge Secure Web Gateway (Edge SWG)
Edge Secure Web Gateway (Edge SWG): Provides configuration profiles for secure mobile access and web filtering on iOS devices.
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
label | value |
---|---|
vendor | checkpoint |
product | ios-profiles |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
sourcetype | source | index |
---|---|---|
cp_log | checkpoint:network | netops |
Sending data to Google SecOps
When sending the data collected from this source to a dynamic Google SecOps destination, Axoflow sets the following log type: CHECKPOINT_HARMONY.
9 - Endpoint Compliance
Endpoint Compliance: Checks endpoint status and posture before granting network access, enforcing security policies.
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
label | value |
---|---|
vendor | checkpoint |
product | endpoint-compliance |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
sourcetype | source | index |
---|---|---|
cp_log | checkpoint:endpoint | netops |
Sending data to Google SecOps
When sending the data collected from this source to a dynamic Google SecOps destination, Axoflow sets the following log type: CHECKPOINT_EDR.
10 - Endpoint Management
Endpoint Management: Centralized platform for managing endpoint protection, updates, and policy enforcement.
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
label | value |
---|---|
vendor | checkpoint |
product | endpoint-management |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
sourcetype | source | index |
---|---|---|
cp_log | checkpoint:endpoint | netops |
11 - Forensics
Forensics: Analyzes security incidents on endpoints to uncover attack vectors and malicious activity.
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
label | value |
---|---|
vendor | checkpoint |
product | forensics |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
sourcetype | source | index |
---|---|---|
cp_log | checkpoint:endpoint | netops |
Sending data to Google SecOps
When sending the data collected from this source to a dynamic Google SecOps destination, Axoflow sets the following log type: CHECKPOINT_EDR.
12 - GO Password Reset
GO Password Reset: Facilitates secure password reset processes for users across integrated environments.
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
label | value |
---|---|
vendor | checkpoint |
product | go-password-reset |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
sourcetype | source | index |
---|---|---|
cp_log | checkpoint:audit | netops |
Sending data to Google SecOps
When sending the data collected from this source to a dynamic Google SecOps destination, Axoflow sets the following log type: CHECKPOINT_AUDIT.
13 - HTTPS Inspection
HTTPS Inspection: Decrypts and inspects HTTPS traffic to detect hidden threats within encrypted web sessions.
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
label | value |
---|---|
vendor | checkpoint |
product | https-inspection |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
sourcetype | source | index |
---|---|---|
cp_log | checkpoint:firewall | netfw |
Sending data to Google SecOps
When sending the data collected from this source to a dynamic Google SecOps destination, Axoflow sets the following log type: CHECKPOINT_FIREWALL.
14 - IPS
IPS: Detects and blocks known and unknown exploits, malware, and vulnerabilities in network traffic.
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
label | value |
---|---|
vendor | checkpoint |
product | ips |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
sourcetype | source | index |
---|---|---|
cp_log | checkpoint:ids | netids |
Sending data to Google SecOps
When sending the data collected from this source to a dynamic Google SecOps destination, Axoflow sets the following log type: CHECKPOINT_EDR.
15 - MDS Query Tool
MDS Query Tool: CLI tool for querying multi-domain configurations and policies in Check Point environments.
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
label | value |
---|---|
vendor | checkpoint |
product | mds-query-tool |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
sourcetype | index |
---|---|
cp_log | netops |
16 - Media Encryption & Port Protection
Media Encryption & Port Protection: Secures USB ports and encrypts removable media to protect sensitive data on endpoints.
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
label | value |
---|---|
vendor | checkpoint |
product | media-port |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
sourcetype | source | index |
---|---|---|
cp_log | checkpoint:endpoint | netops |
Sending data to Google SecOps
When sending the data collected from this source to a dynamic Google SecOps destination, Axoflow sets the following log type: CHECKPOINT_EDR.
17 - Mobile Access
Mobile Access: Enables secure remote access to corporate apps and data from mobile devices.
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
label | value |
---|---|
vendor | checkpoint |
product | mobile-access |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
sourcetype | source | index |
---|---|---|
cp_log | checkpoint:network | netops |
18 - Next-Generation Firewall (NGFW)
Next-Generation Firewall (NGFW): Next-generation firewall providing intrusion prevention, application control, and threat protection.
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
label | value |
---|---|
vendor | checkpoint |
product | firewall |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
sourcetype | source | index |
---|---|---|
cp_log | checkpoint:firewall | netfw |
Sending data to Google SecOps
When sending the data collected from this source to a dynamic Google SecOps destination, Axoflow sets the following log type: CHECKPOINT_FIREWALL.
19 - QoS
QoS: Implements bandwidth control and traffic prioritization policies for optimized network usage.
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
label | value |
---|---|
vendor | checkpoint |
product | qos |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
sourcetype | source | index |
---|---|---|
cp_log | checkpoint:firewall | netfw |
Sending data to Google SecOps
When sending the data collected from this source to a dynamic Google SecOps destination, Axoflow sets the following log type: CHECKPOINT_FIREWALL.
20 - Quantum
Quantum: Unified threat prevention platform delivering firewall, VPN, and intrusion prevention capabilities.
If you’d like to send data from this source to AxoRouter, contact our support team for details.
21 - Query Database
Query Database: Accesses and queries internal policy or object databases in Check Point systems.
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
label | value |
---|---|
vendor | checkpoint |
product | query-database |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
sourcetype | source | index |
---|---|---|
cp_log | checkpoint:audit | netops |
22 - SmartConsole
SmartConsole: Graphical interface for managing Check Point security policies, logs, and monitoring.
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
label | value |
---|---|
vendor | checkpoint |
product | smartconsole |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
sourcetype | source | index |
---|---|---|
cp_log | checkpoint:audit | netops |
23 - SmartUpdate
SmartUpdate: Tool for updating and managing licenses, software, and hotfixes in Check Point environments.
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
label | value |
---|---|
vendor | checkpoint |
product | smartupdate |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
sourcetype | source | index |
---|---|---|
cp_log | checkpoint:audit | netops |
24 - Threat Emulation and Anti-Exploit
Threat Emulation and Anti-Exploit: Emulates files in a virtual environment to detect and block advanced persistent threats and exploits.
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
label | value |
---|---|
vendor | checkpoint |
product | threat-emulation |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
sourcetype | source | index |
---|---|---|
cp_log | checkpoint:endpoint | netops |
Sending data to Google SecOps
When sending the data collected from this source to a dynamic Google SecOps destination, Axoflow sets the following log type: CHECKPOINT_EDR.
25 - URL Filtering
URL Filtering: Controls and logs web access based on URL categories and custom site rules to enforce policy.
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
label | value |
---|---|
vendor | checkpoint |
product | url-filtering |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
sourcetype | source | index |
---|---|---|
cp_log | checkpoint:firewall | netfw |
Sending data to Google SecOps
When sending the data collected from this source to a dynamic Google SecOps destination, Axoflow sets the following log type: CHECKPOINT_FIREWALL.
26 - Web API
Web API: Provides programmatic access to Check Point security management through RESTful API endpoints.
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
label | value |
---|---|
vendor | checkpoint |
product | web-api |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
sourcetype | source | index |
---|---|---|
cp_log | checkpoint:audit | netops |