McAfee SIEM Integration With CheckPoint
elearninginfoit
Hi guys, welcome to elearninginfoit. My name is Rajesh. This video is for training, tutorial and education purposes only. For more information about this video, read this description; you will get everything about it.
Product Guide https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/25000/PD25238/en_US/CheckPoint.pdf
Introduction
This guide details how to configure Check Point to allow the Receiver to pull events from the OPSEC LEA client.
2 Prerequisites
McAfee Enterprise Security Manager Version 9.2.0 and above. In order to configure Check Point, appropriate administrative level access is required to perform the necessary changes documented below.
3 Specific Data Source Configuration Details
3.1 Check Point Configuration
3.1.1 Enable LEA service on the Check Point management server
- SSH to the Check Point management server
- Enter expert mode
- Open $FWDIR/conf/fwopsec.conf and edit the file according to the type of authentication you want to use. The recommended option is authenticated and encrypted.
  For an authenticated and encrypted connection, specify:
      lea_server auth_port 18184
      lea_server auth_type sslca (or other supported method)
  For an authenticated connection only, specify:
      lea_server auth_port 18184
  For no authentication or encryption, specify:
      lea_server port 18184
- Run “cprestart”
3.1.2 Create an OPSEC Application
- Log in to the Check Point user interface.
- Expand the OPSEC Applications tree node and right-click on the OPSEC Application category.
- Select “New OPSEC Application”
- Enter a name for the OPSEC Application. (It will be used later on when creating the data source in the SIEM.)
- Select a host from the “Host” field and select the network object that represents the McAfee Event Receiver. If the object does not exist, create one by clicking the “New” button and entering the IP of the Receiver.
- Leave the “Vendor” field as the default selection “User Defined”.
- Select the “LEA” checkbox in the “Client Entries” section.
Steps 7-10 are only needed if using authentication.
- Click on the “Communication” button, located near the bottom of the dialog.
- Enter and confirm your one-time password.
- Click the “Initialize” button. This will initialize the certificate and you will see the message “Initialized but trust not established.”
- Close the “Communication” dialog.
- Click “OK” on the OPSEC Application Process dialog.
- Perform an Install DB on the Check Point server.
3.1.3 Additional Information (required when adding a Check Point CLM or Secondary CMA)
Typically, the DN is not required for anything other than adding the Check Point CLM as a data source. The configuration steps below are needed when firewall logs are sent to a CLM instead of the CMA.
- SSH to the CMA
- Enter expert mode
- Run “grep sic_name $FWDIR/conf/objects_5_0.C”. This will show all DNs. Find the correct one for the CLM.
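An added example (not from the McAfee guide or the video author) that reads a fwopsec.conf-style file and reports which of the three LEA modes from section 3.1.1 is active, so an unauthenticated listener is caught before the data source is added. The function name lea_mode, the output labels and the treatment of port 0 as disabled are assumptions; the sample file is constructed.

```sh
#!/bin/sh
# Added example: classify the LEA listener settings in a fwopsec.conf-style file.
# On the management server the real file is $FWDIR/conf/fwopsec.conf.
lea_mode() {
    conf=$1
    [ -r "$conf" ] || { echo "unreadable"; return 2; }
    awk '
        { sub(/#.*/, "") }                    # ignore comments
        $1 != "lea_server" { next }
        $2 == "auth_port"  { auth_port = $3 }
        $2 == "auth_type"  { auth_type = $3 }
        $2 == "port"       { port = $3 }
        END {
            # Assumption: a port value of 0 means that listener is disabled.
            clear = (port != "" && port != "0")
            auth  = (auth_port != "" && auth_port != "0")
            # A clear-text listener is reported first, even if auth_port is also set.
            if (clear)                        print "clear"
            else if (auth && auth_type != "") print "authenticated+encrypted:" auth_type
            else if (auth)                    print "authenticated-only"
            else                              print "not-configured"
        }' "$conf"
}

# Constructed sample input (not taken from a real server).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed fwopsec.conf fragment
lea_server auth_port 18184
lea_server auth_type sslca
EOF
echo "sample: $(lea_mode "$sample")"
rm -f "$sample"
```

Anything other than the authenticated+encrypted result means the Receiver would pull firewall logs over a connection that is not both authenticated and encrypted.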