Event Forwarding

Event Forwarding is an easy and secure procedure to export Infinity Portal data over the Syslog protocol. You can forward logs, events, and saved application data from your Check Point Infinity Portal account to a SIEM (Security Information and Event Management) provider, such as Splunk, QRadar, or ArcSight. The SIEM providers process large amounts of data and present it for analysis in created dashboards or sent notifications.

Use Case

A typical use case is an organization that uses a number of security vendors, along with Check Point, to protect itself from cyber attacks. The organization uses an external analytics platform to see all data from every vendor in a single pane of glass.


To forward your data from the Infinity Portal to an external analytics platform, you must configure these entities:

  1. Set the Destination - Details of your SIEM platform.

  2. Create a Forwarding Rule - A set of conditions for data forwarding.

  3. To enable this connection, open a specified port on your inbound server.

  4. To secure your server and not expose all IPv4 addresses, you must configure the server to listen to a specific IP address based on region.


    IP Addresses















How to Create a New Destination

How to Manage Rules

On the Events page, Forwarding Rules show with the rule name, the services you forward data from, and the name of the destination to which you forward the data.

To add a new Forwarding Rule:

Click the [+] icon or the + Add.

To edit a Forwarding Rule

Put the cursor on the rule and click , then select Edit. Change the rule settings as necessary.

To delete a Forwarding Rule

Put the cursor on the rule and click , then select Delete.

How to Manage Destinations

After you configure destination(s) for an external-analytics platform, you can review, edit, search, and delete them in the Manage Destinations window.