Connect Check Point to Azure Sentinel

This article explains how to connect your Check Point appliance to Azure Sentinel. The Check Point data connector lets you connect your Check Point logs to Azure Sentinel so that you can view dashboards, create custom alerts, and improve investigation. Using Check Point with Azure Sentinel gives you more insight into your organization's Internet usage and enhances its security operations capabilities.

Forward Check Point logs to the Syslog agent

Configure your Check Point appliance to forward Syslog messages in CEF format to your Azure workspace via the Syslog agent.

  1. Go to Check Point Log Export.
  2. Scroll down to Basic Deployment and follow the instructions to set up the connection, using the following guidelines:
    • Set the Syslog port to 514 or the port you set on the agent.
    • Replace the name and target-server IP address in the CLI with the Syslog agent name and IP address.
    • Set the format to CEF.
  3. If you are using version R77.30 or R80.10, scroll up to Installations and follow the instructions to install a Log Exporter for your version.
  4. Continue to STEP 3: Validate connectivity.
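
A common reason the connector shows no data is that the exporter is still sending a non-CEF format, so it is worth checking what actually arrives at the Syslog agent. The following is an added example, not part of the original article or of any Check Point or Microsoft tooling: it parses captured syslog lines as CEF (including escaped `\|` and `\=`) and classifies them. The sample lines are constructed, and the vendor string "Check Point" and the function names are assumptions.

```python
import re

def split_header(body, n=7):
    """Split the n pipe-delimited CEF header fields, honouring escaped pipes and backslashes."""
    fields, cur, i = [], "", 0
    while i < len(body) and len(fields) < n:
        if body[i] == "\\" and body[i + 1:i + 2] in ("\\", "|"):
            cur, i = cur + body[i + 1], i + 2      # escaped character: keep it literally
        elif body[i] == "|":
            fields, cur, i = fields + [cur], "", i + 1
        else:
            cur, i = cur + body[i], i + 1
    return fields, body[i:]                         # remainder is the extension

# Extension is key=value pairs; a value runs until the next " key=" or end of line.
EXT_RE = re.compile(r"(\w+)=((?:\\.|[^\\=])*?)(?=\s+\w+=|\s*$)")
NAMES = ("version", "vendor", "product", "device_version",
         "signature_id", "name", "severity")

def parse_cef(line):
    """Return the CEF record carried in a syslog line, or None if the line is not CEF."""
    start = line.find("CEF:")
    if start < 0:
        return None
    fields, ext = split_header(line[start + 4:])
    if len(fields) != 7 or not fields[0].isdigit():
        return None                                 # truncated or malformed header
    record = dict(zip(NAMES, fields))
    record["extension"] = {k: re.sub(r"\\([\\=])", r"\1", v)
                           for k, v in EXT_RE.findall(ext)}
    return record

def classify(line, vendor="Check Point"):           # vendor value is an assumption
    rec = parse_cef(line)
    if rec is None:
        return "not-cef"
    return "ok" if rec["vendor"] == vendor else "other-vendor"

# Constructed sample lines, as they might be captured on the Syslog agent.
SAMPLES = [
    "<134>Jan 10 12:00:01 gw1 CEF:0|Check Point|ExampleProduct|R81|Log|Accept|Unknown|"
    "src=10.0.0.5 dst=10.0.0.9 msg=rule a\\=b allowed",
    "<134>Jan 10 12:00:02 gw1 time=1704888002 action=Accept src=10.0.0.5",
    "<134>Jan 10 12:00:03 fw9 CEF:0|OtherVendor|Prod|1.0|100|Test|5|src=10.0.0.7",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(classify(s), "<-", s[:60])
```

Lines reported as `not-cef` point back to the "Set the format to CEF" guideline in step 2.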

Next steps

In this document, you learned how to connect Check Point appliances to Azure Sentinel. To learn more about Azure Sentinel, see the following articles: