What Changed
Updated both ASimNetworkSessionCheckPointFirewall and vimNetworkSessionCheckPointFirewall parsers to handle variations in the DeviceVendor field, fixing a parsing failure where logs containing “Check Point” (with space) were not being processed.
Parser Impact
Changed DeviceVendor matching logic from exact string comparison to normalized comparison using replace_string(DeviceVendor, " “,”") =~ “CheckPoint”, allowing both “CheckPoint” and “Check Point” variations to be correctly parsed.
This addresses a data fidelity gap introduced in PR #12056 where logs with spaced vendor names were silently excluded from ASIM normalization. Affected deployments previously lost Check Point firewall network session visibility for logs using the spaced vendor format.
No change to normalized field names or filter logic beyond the vendor matching — safe for existing detections using this parser.
Sample data updated to include both vendor name formats for validation testing.
Affected Files
Parsers/ASimNetworkSession/ARM/ASimNetworkSessionCheckPointFirewall/ASimNetworkSessionCheckPointFirewall.json
Parsers/ASimNetworkSession/ARM/vimNetworkSessionCheckPointFirewall/vimNetworkSessionCheckPointFirewall.json
Parsers/ASimNetworkSession/CHANGELOG/ASimNetworkSessionCheckPointFirewall.md
Parsers/ASimNetworkSession/CHANGELOG/vimNetworkSessionCheckPointFirewall.md
Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionCheckPointFirewall.yaml
Parsers/ASimNetworkSession/Parsers/vimNetworkSessionCheckPointFirewall.yaml
Sample Data/ASIM/Check Point_Firewall_NetworkSession_IngestedLogs.csv