Forcepoint NGFW

Version: Forcepoint NGFW v6.8.8 and above.

Forcepoint NGFW supports multiple components that provide services to inspect traffic logs, block malicious attacks, prevent data theft, and so on. All such events can be observed or managed from the management console.

Netsurion's Open XDR platform seamlessly combines SIEM, Log Management, File Integrity Monitoring, machine analytics, and user behavior monitoring. The dashboards, categories, alerts, and reports in Netsurion's Open XDR platform help in tracking critical activities, security warning activities, and others.

After configuring the Forcepoint NGFW firewall to forward logs to Netsurion's Open XDR platform via syslog, configure the alerts, dashboards, and reports in Netsurion's Open XDR platform.

Some of the Data Source Integrations available in Netsurion are listed below.

Alerts

Type | Name | Description
Security | Forcepoint NGFW - Critical events detected | This alert is triggered whenever high or critical severity events are detected by the Forcepoint NGFW.

Reports

Type | Name | Description
Security | Forcepoint NGFW - Events overview | This report will capture all the events performed on the Forcepoint NGFW.

Dashboard

Type | Name | Description
Security | Forcepoint NGFW - Events overview | This dashlet displays the different types of events, such as connection events and VPN events, logged by the Forcepoint NGFW firewall.
Security | Forcepoint NGFW - Critical events | This dashlet captures critical events, such as malware or threat-related events, detected by the Forcepoint NGFW firewall.

Documentation

The configuration details are consistent with Netsurion Open XDR version 9.3 or later, and Forcepoint NGFW v6.8.8 and above.

Download the Integration Guide and How-to Guide for more information and configuration instructions.