Reports for Check Point Devices

What is in this guide
Introduction
- Overview
- Release Notes
Setup the Product
- What's in this section
- System Requirements
- Prerequisites
- Install and Uninstall
- Start and Shutdown
- Connect to Server
- Backing up database
- Increasing Product Memory
- License Details
- Get Started
- Service Account Permission
Add Log Sources
- What's in this section
- Adding Windows Devices
- Adding Syslog Devices
- Adding CEF devices
- Adding Other Devices
- Adding IBM iseries(AS400) devices
- Adding VMware(Exsi) devices
- Adding vCenter
- Adding Application Sources
- Adding AWS EC2 Windows instance
- Configuring Syslog Service
User Interface
- Tabs
- Dashboard Views
- Customize Dashboard Views
- Log Receiver
- Global Search
EventLog Analyzer Reports
- Reports - Overview
- Configuring out-of-the-box reports
- Managing Predefined Reports
- Managing Report Views
- Create Custom Reports
- Schedule Reports
- Mark report as favourite
- Available Reports
Threat Intelligence Data Analytics
- Overview
- FireEye Threat Solutions
- Symantec Endpoint Solutions
- Symantec DLP Applications
- Malwarebytes Solutions
- CEF format
- Configuring McAfee solutions for analysis
Vulnerability Data Analytics
- Overview
- Vulnerability reports
Real-time Event Correlation
- Understanding Correlation
- Correlation Reports
- Last Ten Incidents Overview
- Activity Reports
- Creating Custom Correlation Rules
- Managing Correlation Rules
Compliance
- Compliance Reports
- Risk Posture
  - Overview
  - SQL Server
Search Logs
- Overview
- How to Search Logs
- How to Extract New Fields
- How to Tag Fields
Threat investigation
- Incident workbench
- Device Summary
Alerts
- Overview
- Create Alert Profile
- View Log Alerts
- Alert Notification & Remediation
- Ticketing Tools Integration
- Manage alert Profiles
- Bulk Deleting/Updating Alerts
Incident Management
- Create and assign workflow profiles
- Incident Workflow Management
Framework Integration
- MITRE ATT&CK TTP(S) Framework Integration
Configurations
- What's in this section
- Device Management
- Applications
- Database Audit
- File Integrity Monitoring
- Manage security applications
- Adding custom threat sources
- Advanced Threat Analytics
- Threat Whitelisting
- Threat Import
- Switching threat stores
- Manage Vulnerability Data
- Device Group Management
- VM Management
- Log Forwarder
- Manage Cloud Sources
Admin Settings
- Admin Settings
- Privacy Settings
- Agent Administration
  - Agent Administration
  - Agent Settings
- Archive
- Technicians and Roles
- Logon Settings
- Security hardening
- Reset Account Settings
- Domains and Workgroups
- Working Hour Settings
- Product Settings
- API Settings
  - API Settings
  - Get log sources
  - Get log fields
  - Get log types
  - Synchronous search
  - Asynchronous search
  - Jobs endpoint
  - Jobs Result endpoint
  - Get alert profiles
  - Synchronous alerts
  - Asynchronous alerts
- Retention Settings
- Log Collection Filter
- Log Collection Alerts
- Report Profiles
- Custom Log Parser
- Tags
- Profiles
- Database settings
  - Database auto backup
  - Database migration
System Settings
- System Settings
- Notification Settings
- Manage Account TFA
- Install EventLog Analyzer as a service
- Connection Settings
- Re-branding
- System Diagnostics
- Port Management
Help, Questions, and Tips
- Troubleshooting Tips
- Frequently Asked Questions
- EventLog Analyzer Help
Additional Utilities
- Additional Utilities
- Data Migration
- Working with HTTPS
- Configure MS SQL Database
- Migrate data from PostgreSQL to MS SQL database
- Migrate data from MySQL to MS SQL database
- Move Database to Different Directory in the Same Server
- Move Installation to Another Machine
- Configurations after changing the EventLog Analyzer server Hostname/IP address
- Move Installation to Different Directory in the Same Server
- Configuring NAT Settings
- Disk monitoring for search nodes
- SSL/TLS Settings for Elasticsearch
- Configuring DNS servers
Distributed Edition
- Introduction to Distributed Edition
- Prerequisites for converting EventLog Analyzer standalone to distributed edition
- Converting standalone installation to Admin Server
- Converting standalone installation to Managed Server
- Manage Server Settings
- Setting up auto upgrade
- Auto-upgrade guidelines
- Frequently Asked Questions
- Centralized log archival
Search Engine - Elasticsearch
- Data Upgrade
Technical Support
- Technical Support
- Create SIF offline
- Contact Support

Related Products
ADManager Plus

Active Directory Management & Reporting
Download | Demo
ADAudit Plus

Real-time Active Directory Auditing and UBA
Download | Demo
ADSelfService Plus

Self-Service Password Management
Download | Demo
Exchange Reporter Plus

Exchange Server Auditing & Reporting
Download | Demo
AD360

Integrated Identity & Access Management
Download | Demo
Log360

Comprehensive SIEM and UEBA
Download | Demo

CheckPoint reports

EventLog Analyzer supports CheckPoint Firewall and provides out-of-box reports for:

CheckPoint Events: Information on all events on CheckPoint devices.

Firewall Allowed and Denied Traffic: Insights on traffic based on source, destination, protocol and port, also provides a report on traffic trends.

Successful and Failed Logons: Insights on successful and failed logons categorized based on the user, the source, and the general trend.

Firewall Accounts Management: Reports on user and user group added or deleted.

Configuration: Reports on configuration changes, interface status and executed commands.

Firewall IDS/IPS Events: Insights on attacks based on source and destination IP address and attack trends.

System Events: Reports on system shutdowns and clock updates.

Device Severity: Emergency, alerts, critical, error, warning, and notice events.

CheckPoint reports dashboard

Go to the Reports section. Navigate to Network Devices and select CheckPoint from the displayed list of devices.

You can set filter criteria for events based on Source, Severity and Device and Message.

Use logical operators as required to create the filter criteria.

Select the Period for which you want the data to be displayed and click Apply.

The graphs can be viewed in different formats.

To quickly export the report in view, click Export as and choose the format. Once done, you can download the report.

Click Scheduled Reports to have this report exported and emailed periodically.

Click More for further customization options.

Set as Default, to set this report as the default for CheckPoint reports.
Add to Favorites, to mark this report as favorite.
Pin to dashboard, to pin this report to the main dashboard in the Home page.

CheckPoint reports

CheckPoint reports dashboard

Don't see what you're looking for?

Visit our community

Request additional resources

Need implementation assistance?