Event Forwarding - Push to SIEM

Infinity Portal can forward logs to SIEM in three formats: Syslog, LEEF, or CEF.

Prerequisites:

  • The SIEM server must support TLS 1.2.

  • The OpenSSL CLI must be installed on your computer.

  • Make sure your network and SIEM server allow these connections:

| Region | Source IP Address | FQDN (recommended) | Source Port |
|--------|-------------------|--------------------|-------------|
| EU | 20.73.193.110 | | No specific port required |
| US | 20.85.1.184 | | No specific port required |
| UAE | 20.233.160.96/29 | whitelist-cidr.ae.datatube.checkpoint.com | 514 |
| AUS | 20.92.158.64, 20.92.158.102 | | No specific port required |

File Extensions

| File | Description |
|------|-------------|
| <CA>.key | Private key |
| <CA>.pem | Public key |
| .csr | Certificate Signing Request |
| .crt | File you create when you sign the .csr file with the <CA>.key file and the <CA>.pem file. |
| .pfx | If you use an existing Domain Certificate, this file contains the <CA>.key file and <CA>.pem file. |
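The following is an added example, not taken from the Check Point documentation: one way to produce the files in the table above with the OpenSSL CLI and to check the result before uploading anything. The names demo-ca and siem.example.internal, the 2048-bit RSA keys and the 365-day validity are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example: build the <CA>.key, <CA>.pem, .csr and .crt files, then
# verify them. All names and lifetimes below are constructed placeholders.

umask 077   # private keys are created readable by the owner only

make_ca() {     # $1 = CA base name -> $1.key (private key), $1.pem (CA certificate)
    openssl genrsa -out "$1.key" 2048 2>/dev/null &&
    openssl req -x509 -new -key "$1.key" -sha256 -days 365 \
        -subj "/CN=$1" -out "$1.pem"
}

make_csr() {    # $1 = server name -> $1.key (server key), $1.csr (signing request)
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" \
        -subj "/CN=$1" -out "$1.csr" 2>/dev/null
}

sign_csr() {    # $1 = CA base name, $2 = server name -> $2.crt
    openssl x509 -req -in "$2.csr" -CA "$1.pem" -CAkey "$1.key" \
        -CAcreateserial -sha256 -days 365 -out "$2.crt" 2>/dev/null
}

check_crt() {   # $1 = CA base name, $2 = server name
    # Returns 0 only if the .crt chains to the CA and matches the server key.
    openssl verify -CAfile "$1.pem" "$2.crt" >/dev/null 2>&1 || return 1
    crt_pub=$(openssl x509 -in "$2.crt" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$2.key" -pubout | openssl sha256)
    [ "$crt_pub" = "$key_pub" ]
}

# Typical order, run in an empty working directory:
#   make_ca demo-ca
#   make_csr siem.example.internal
#   sign_csr demo-ca siem.example.internal
#   check_crt demo-ca siem.example.internal && echo "certificate OK"
```

A certificate signed this way carries no subjectAltName; if the connecting side validates the host name, pass an extension file to the signing step with -extfile.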

After configuring the destination, add a forwarding rule with this destination. For more information, see Managing Forwarding Rules.