Hi, I too have the same issue, Red Flag on Checkpoint Significantly behind in Processing Data. The is no Time Zone Field on the data source which can be adjusted to correct such issues on some other datasources. My Checkpoint is as in a seperate county ( TimeZone ) than the ESM. I wonder if this is a factor.
Anyone have a answer.
Was you environment updated to 9.4.1MR2? I have the same issue after upgrading.
If you run the streaming viewer on the Check Point data source are you seeing the backlog of data coming in?
We had the same issue on our Check Points, ASA's,Unix/Linux environment and it was due to a bug.
You can just verifify it with support.
McAfee support provided the following fix for 9.4.1 bug 1013935.
You need to log a support call in which they will verify the device data on ESM/ERC.