PoliWall

Version : PoliWall Security Appliance version 1.21.00

The Bandura’s PoliWall is an in-line appliance which reduces noise at the network perimeter, thereby decreasing workloads of systems deeper inside the network, making routers, firewalls, and IPS/IDS more effective. Netsurion's Open XDR platform receives syslog data from PoliWall and helps in efficient visualization and analysis of allowed or blocked traffic by employing alerts, reports, dashboards and knowledge objects. Netsurion's Open XDR platform also utilizes IP VOID to identify blacklisted IP addresses in allowed traffic and generates alert to tip-off concerned IT Admin.

Netsurion Data Source Integration for PoliWall allows you to monitor the following:-

  • Operations - Identify new source or destination IP addresses in allowed traffic using behavior rules.
  • Security - Monitor malicious traffic with risk score and track blacklisted IP addresses in allowed traffic.
  • Compliance - Monitor allowed or blocked traffic passing through PoliWall. 

Once PoliWall is configured to deliver events to Netsurion Manager; alerts, reports, behavior rules, knowledge objects and dashboards can be configured into Netsurion.

Some of the Data Source Integrations available in Netsurion are listed below. 

Alerts

Type Name Description
Security PoliWall - Threat detected This alert is generated when malicious activity is detected in transient traffic. E.g. spam, malware.
Security PoliWall - Blacklisted IP detected in allowed traffic This alert is generated when blacklisted source or destination IP address is detected in allowed traffic.
Operations PoliWall - New IP detected in allowed traffic This alert is generated when new source or destination IP address is detected in allowed traffic.

Reports

Type Name Description
Security PoliWall - Threat traffic details This report provides information related to malicious activity detected in inbound or outbound traffic which includes Traffic Direction, Protocol Type, Action Type, Source IP, Source Port, Source Country, Destination IP, Destination Port and Destination Country, Block Reason and Risk Score fields.
Security PoliWall - Blacklisted IP activity details This report provides information related to blacklisted source or destination IP address detected in allowed traffic which includes Analysis Date, AS Number, AS Owner, Blacklist Status, City, Continent, Country Code, IP Address, ISP, Longitude\Latitude, Region, Reverse DNS and Source Log fields.
Compliance PoliWall - Allowed traffic details This report provides information related to inbound or outbound traffic permitted by PoliWall which includes Traffic Direction, Protocol Type, Source IP, Source Port, Source Country, Destination IP, Destination Port and Destination Country fields.
Compliance PoliWall - Blocked traffic details This report provides information related to inbound or outbound traffic prohibited by PoliWall which includes Traffic Direction, Protocol Type, Source IP, Source Port, Source Country, Destination IP, Destination Port, Destination Country, Block Reason and Block Details fields.

Documentation:

The configuration details are consistent with Netsurion Enterprise version 7.x and later, PoliWall Security Appliance version 1.21.00

Download Integration Guide for more information.

This site uses cookies to store information on your computer. Some are essential to make our site work; others help us improve the user experience. By using the site, you consent to the placement of these cookies. Read our Privacy Statement to learn more.

I Accept