Check Point FW1/VPN1 - Learn more about collecting Check Point FW1/VPN1 logs using a Syslog Collector applet and content pack integration in Cortex XSIAM. - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM 3.x Documentation

Product: Cortex XSIAM
Creation date: 2025-07-15
Last date published: 2026-06-04
Category: Administrator Guide
Abstract

Learn more about collecting Check Point FW1/VPN1 logs using a Syslog Collector applet and content pack integration in Cortex XSIAM.

You can configure collecting Check Point FW1/VPN1 logs using a Broker VM Syslog Collector applet or with a content pack integration:

Check Point FW1/VPN1 vendor | Description

Syslog Collector applet overview: If you use Check Point FW1/VPN1 firewalls, you can forward Check Point firewall logs to Cortex XSIAM in CEF format using the Broker VM Syslog Collector applet.

Link to Syslog Collector applet instructions: Ingest logs from Check Point firewalls

Link to content pack/integration details: The Check Point Firewall content pack manages Check Point firewall devices via API, allowing you to read information, send commands, and orchestrate configuration and blocking actions. It contains a modeling rule (CheckPoint Firewall Collection) and several playbooks (for example, Checkpoint - Block IP - Append Group, Checkpoint - Publish&Install configuration, Checkpoint - Block IP - Custom Block Rule, and Checkpoint - Block URL). It also includes the following integration:

  • CheckPoint Firewall v2: Use this integration to read information from and send commands to the Check Point Firewall server. It includes commands for handling threat protection and profiles, such as checkpoint-set-threat-protection and checkpoint-add-threat-profile.