Check Point Smart Defense: ASIM NetworkSession Parser Expands Threat Prevention Visibility

What Changed

Added ASIM NetworkSession parsers for Check Point Smart Defense logs, enabling normalized analysis of threat prevention events from Check Point Smart Defense appliances through CEF Data Connector.

Parser Impact

The new parsers (ASimNetworkSessionCheckPointSmartDefense and vimNetworkSessionCheckPointSmartDefense) normalize Check Point Smart Defense logs to the ASIM NetworkSession schema version 0.2.7. Key field mappings include:

• Network connection metadata (source/destination IPs, ports, protocols)
• Threat prevention rule names and IDs from Smart Defense policies
• Protection types and confidence scores (0-5 scale mapped to 0-100%)
• Device actions (Reject→Deny, Accept→Allow, Prevent→Deny, Detect→Deny)

The parsers extract threat intelligence fields including protection names, attack information, and confidence levels for enhanced threat context.

Security Impact

Queries referencing ASIM NetworkSession fields against Check Point Smart Defense data now return normalized results instead of null - this closes a data fidelity gap for environments using Smart Defense threat prevention. SOC teams can now use source-agnostic detections and hunting queries that work across multiple firewall vendors including Check Point Smart Defense.

Affected Files

ASIM/dev/ASimTester/ASimTester.csv
Parsers/ASimNetworkSession/ARM/ASimNetworkSession/ASimNetworkSession.json
Parsers/ASimNetworkSession/ARM/ASimNetworkSessionCheckpointSmartDefense/ASimNetworkSessionCheckpointSmartDefense.json
Parsers/ASimNetworkSession/ARM/ASimNetworkSessionCheckpointSmartDefense/README.md
Parsers/ASimNetworkSession/ARM/FullDeploymentNetworkSession.json
Parsers/ASimNetworkSession/ARM/imNetworkSession/imNetworkSession.json
Parsers/ASimNetworkSession/ARM/vimNetworkSessionCheckpointSmartDefense/README.md
Parsers/ASimNetworkSession/ARM/vimNetworkSessionCheckpointSmartDefense/vimNetworkSessionCheckpointSmartDefense.json
Parsers/ASimNetworkSession/CHANGELOG/ASimNetworkSession.md
Parsers/ASimNetworkSession/CHANGELOG/ASimNetworkSessionCheckPointSmartDefense.md
Parsers/ASimNetworkSession/CHANGELOG/imNetworkSession.md
Parsers/ASimNetworkSession/CHANGELOG/vimNetworkSessionCheckPointSmartDefense.md
Parsers/ASimNetworkSession/Parsers/ASimNetworkSession.yaml
Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionCheckpointSmartDefense.yaml
Parsers/ASimNetworkSession/Parsers/imNetworkSession.yaml
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionCheckpointSmartDefense.yaml
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionCorelightZeek.yaml