Sheriff CSM™

Check Point MEPP

When you configure Check Point Media Encryption and Port Protection (MEPP) to send log data to Sheriff CSM, you can use the checkpoint-mepp plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin:

Plugin Information

Device              Details
Vendor              Check Point
Device Type         Data protection
Connection Type     Syslog
Data Source Name    checkpoint-mepp
Data Source ID      1854

Integrating Check Point MEPP

Before you configure the Check Point Media Encryption and Port Protection (MEPP) integration, you must have the IP Address of the Sheriff CSM Sensor (Deputy).

To configure Check Point MEPP to send Syslog messages to Sheriff CSM:
  1. In the Smart Dashboard, click the Firewall tab.
  2. In the Servers and OPSEC Applications object tree, right-click and select Servers > New > Syslog.

  3. In the Syslog Properties window, enter or select:

    • Name (for example: AV-CSM)
    • Optional comment
    • Host (IP Address/Hostname of Sheriff CSM)
    • Port (Default = 514)
    • Version (Syslog Protocol)
  4. In the Smart Dashboard, select Gateway Properties > Logs.

  5. In the Send logs and alerts to these log servers table, click the green button to add the Syslog server defined earlier.

  6. Click OK.

Plugin Enablement

For plugin enablement information, see Enable Plugins.

Additional Resources and Troubleshooting

Sending Check Point Logs to a Syslog Server

For troubleshooting, refer to the vendor documentation:

http://dl3.checkpoint.com/paid/b9/CP_ES_R73_Media_Encryption_AdminGuide.pdf?HashKey=1493921334_423def3167c806dbc79921df5a20062c&xtn=.pdf

Note: Subscription privileges are required to access the troubleshooting web link.
Topic revision: r10 - 28 Jun 2022, SheriffCyberSecurity
Copyright 2020 Sheriff Cyber Security, LLC. All rights reserved.