Could you please let me know if Checkpoint Firewall can be monitored using McAfee SIEM? If yes, please let me know what versions of Gaia are supported and also relevant documents if any.
There is a receiver for CheckPoint, however, if you go above version R77.x the OPSEC connector breaks and you cannot connect. We've got a ticket open on this since early January when our firewall people upgraded our CheckPoint environment to version R80. It broke our data source connector and as a result we're unable to collect logs or get alerts from the CheckPoint. It's a serious compliance and record keeping issue for us (county government) and we're really surprised that McAfee fell behind on the data source updates on this, as the R80 version has been out since the middle of last year.
Many promises of hot patches and updates from McAfee, to-date we've seen nothing.
We've seen issue with as low as 77.20 and .30.
Depending on the encryption Auth settings we get different and inconsistent results.
Have you considered removing encryption, and/or Auth.
We got serious improvement in stability by reducing removing them.
Also try restarting the opsec collector service.
just doing a killall or kill -9 on it will cause it to restart and start pulling in data.
It's not a good solution but might get you over the hump.
MR9 has the fix for the issue with the OPSEC connector that we encountered. McAfee worked with us since January in coming up with a hotfix that was applied to our system successfully back in February and was later incorporated in to the MR9 release.
All is well now and working as expected, thanks to McAfee and their diligence in getting this sorted out.