HurricaneLabs / TA-checkpoint-cef

Add on for the Check Point Log Exporter to function with Splunk

Lookup checkpoint_cef_actions. #1

Open apezuela opened 6 years ago

apezuela commented 6 years ago

Hi,

In our deployment we had to add some lines in checkpoint_cef_actions to support more actions for that lookup table:

```
act,action
Drop,blocked
Decrypt,allowed
Encrypt,allowed
Accept,allowed
Reject,blocked
Detect,detected
Allow,allowed
Block,blocked
```

Best regards,

tomkopchak commented 6 years ago

Thanks for reaching out and for the recommendation. I can get Allow,allowed and Block,blocked added to this lookup table. Adding an action for Detect/detected is not accounted for in the common information model (CIM) Network Traffic data model (http://docs.splunk.com/Documentation/CIM/4.12.0/User/NetworkTraffic), so in the interest of maintaining CIM compliance we won't be able to add that.
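Added example (not code from this repository): a small check that parses the lookup rows posted above and flags any `action` value the CIM Network Traffic data model does not define. The set of CIM values (`allowed`, `blocked`, `teardown`) is assumed from the CIM docs and should be confirmed against the installed CIM version.

```python
import csv
import io

# Constructed copy of the lookup rows posted in this thread (act -> action).
PROPOSED_LOOKUP = """act,action
Drop,blocked
Decrypt,allowed
Encrypt,allowed
Accept,allowed
Reject,blocked
Detect,detected
Allow,allowed
Block,blocked
"""

# Assumption: the "action" values the CIM Network Traffic data model expects.
# Verify against the CIM version deployed with your Splunk instance.
CIM_NETWORK_TRAFFIC_ACTIONS = {"allowed", "blocked", "teardown"}


def parse_lookup(text):
    """Parse a Splunk CSV lookup into a dict keyed by the 'act' field."""
    reader = csv.DictReader(io.StringIO(text))
    if reader.fieldnames != ["act", "action"]:
        raise ValueError("expected header 'act,action', got %r" % (reader.fieldnames,))
    return {row["act"]: row["action"] for row in reader}


def non_cim_rows(lookup, allowed=CIM_NETWORK_TRAFFIC_ACTIONS):
    """Return the rows whose 'action' value is not a CIM-compliant value."""
    return {act: action for act, action in lookup.items() if action not in allowed}


def cim_compliant_lookup(lookup, allowed=CIM_NETWORK_TRAFFIC_ACTIONS):
    """Keep only the rows that map to a CIM-compliant action value."""
    return {act: action for act, action in lookup.items() if action in allowed}


if __name__ == "__main__":
    lookup = parse_lookup(PROPOSED_LOOKUP)
    for act, action in non_cim_rows(lookup).items():
        # Reports Detect,detected as the only non-compliant row.
        print("non-CIM action value: %s,%s" % (act, action))
```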

apezuela commented 6 years ago

Hi,

We are using it for the URL Filtering module, but in this case we associate these events with the Web data model (CIM); we are also using it for the IDS module, and in that case we use the Intrusion Detection data model.

Best regards

apezuela commented 6 years ago

We added 2 new sourcetypes for "Application Control" and "URL Filtering" modules logs.

tomkopchak commented 6 years ago

Would you be able to make a merge request with your additions for these sourcetypes? Some of these blades we didn't have available so I'm happy to add support into the TA, and we'd like to give you credit for your work.

apezuela commented 6 years ago

Of course, I will do it as soon as I can.

apezuela commented 6 years ago

I am trying to upload my changes but I am not used to using GitHub. I created a branch with GitHub Desktop, but when I want to publish the branch I cannot. Any help?

billford commented 5 years ago

@apezuela did you get any sort of error message or anything?