Event Forwarding
Event Forwarding is an easy and secure method to export Infinity Portal data. You can forward logs, events, and saved application data from your Check Point Infinity Portal account to a SIEM (Security Information and Event Management) provider, such as Splunk, QRadar, or ArcSight. The SIEM server processes large amounts of data and shows it on dashboards or in notifications. To set up Event Forwarding, you must purchase the required contract for log forwarding or log exporter and use certificates to establish secure communication between Infinity Portal and your SIEM server.
Infinity Portal provides two forwarding methods, with which you can:
- Push to SIEM - Forward logs to SIEM by Syslog, LEEF, or CEF with mTLS. For more information, see Event Forwarding - Push to SIEM.
- Forward to storage account (Pull) - Send logs to the Check Point Azure storage account that provides access to JSON logs. For more information, see Event Forwarding to Storage Account.
| Aspect | Push to SIEM | Pull from Storage |
|---|---|---|
| Definition | Portal actively sends events to SIEM | SIEM polls and retrieves events from Azure blob storage |
| Delivery Method | Real-time push via HTTPS | Manual or scheduled pull from Azure blob storage |
| Configuration | SIEM endpoint URL + authentication credentials + .CSR + .CRT | Azure storage account details + access credentials |
| Connectivity | Requires continuous connectivity to SIEM | SIEM can pull later; less dependent on uptime |
| Security | HTTPS + token-based authentication | Secure bucket access + IAM policies |
| Use Cases | Real-time monitoring and alerting | Environments with intermittent connectivity |
| Destinations | Up to three SIEM destinations | One destination |
| Cost | More expensive | Less expensive |
Important - Event Forwarding requires a dedicated license. For more information about the license, see sk182879 - Infinity Portal Event Forwarding - Troubleshooting.
Use Case
A typical use case is an organization that uses several security vendors, along with Check Point, to protect itself from cyber attacks. The organization uses an external analytics platform to see all data from every vendor in a single pane of glass.
Supported Infinity Portal Services
Event Forwarding can send data from these Infinity Portal services:
- CloudGuard WAF
- Harmony Browse
- Harmony Connect
- Harmony Email & Collaboration
- Harmony Endpoint
- Harmony Mobile
- Harmony SASE
- Quantum Security Management (Smart-1 Cloud)
- Quantum Spark Management