Forcepoint NGFW

Version: Forcepoint NGFW v6.8.8 and above.

Forcepoint NGFW supports multiple components which provide services to inspect traffic logs, block malicious attacks, prevents data thefts etc. and all such events can be observed or managed by management console.

Netsurion Open XDR seamlessly combines SIEM, Log Management, File Integrity Monitoring, machine analytics, and user behavior monitoring. The dashboard, category, alerts, and reports in Netsurion Open XDR benefit in tracking critical activities, security warning activities, and others.

After configuring the Forcepoint NGFW firewall to forward logs to Netsurion Open XDR via syslog, then configure the alerts, dashboards, and reports to the Netsurion Open XDR.

The following are the key Data Source Integration available in Netsurion Open XDR.


Type Name Description
Security Forcepoint NGFW – Critical events detected This alert is triggered whenever a high or critical level of severity events are detected by the Forcepoint NGFW.


Type Name Description
Security Forcepoint NGFW – Events overview This report will capture all the events performed on the Forcepoint NGFW.


Type Name Description
Security Forcepoint NGFW – Events overview This dashlets display the different types of events like connection events, VPN events etc. logged by Forcepoint NGFW firewall.
Security Forcepoint NGFW – Critical events The dashlet will capture critical events like Malware or threat related events etc. detected by Forcepoint NGFW firewall.


The configuration details are consistent with Netsurion Open XDR 9.3 or later, and Forcepoint NGFW.

Download Integration guide and How-to Guide for configuration instructions and more information.