PoliWall Integration

PoliWall

Version : PoliWall Security Appliance version 1.21.00

The Bandura’s PoliWall is an in-line appliance which reduces noise at the network perimeter, thereby decreasing workloads of systems deeper inside the network, making routers, firewalls, and IPS/IDS more effective. Netsurion Open XDR receives syslog data from PoliWall and helps in efficient visualization and analysis of allowed or blocked traffic by employing alerts, reports, dashboards and knowledge objects. Netsurion Open XDR also utilizes IP VOID to identify blacklisted IP addresses in allowed traffic and generates alert to tip-off concerned IT Admin.

Netsurion Data Source Integration for PoliWall allows you to monitor the following:-

Operations – Identify new source or destination IP addresses in allowed traffic using behavior rules.
Security – Monitor malicious traffic with risk score and track blacklisted IP addresses in allowed traffic.
Compliance – Monitor allowed or blocked traffic passing through PoliWall.

Once PoliWall is configured to deliver events to Netsurion Open XDR Manager; alerts, reports, behavior rules, knowledge objects and dashboards can be configured into Netsurion Open XDR.

The following are the key Data Source Integration available in Netsurion Open XDR.

Alerts

Type	Name	Description
Security	PoliWall – Threat detected	This alert is generated when malicious activity is detected in transient traffic. E.g. spam, malware.
Security	PoliWall – Blacklisted IP detected in allowed traffic	This alert is generated when blacklisted source or destination IP address is detected in allowed traffic.
Operations	PoliWall – New IP detected in allowed traffic	This alert is generated when new source or destination IP address is detected in allowed traffic.

Reports

Type	Name	Description
Security	PoliWall – Threat traffic details	This report provides information related to malicious activity detected in inbound or outbound traffic which includes Traffic Direction, Protocol Type, Action Type, Source IP, Source Port, Source Country, Destination IP, Destination Port and Destination Country, Block Reason and Risk Score fields.
Security	PoliWall – Blacklisted IP activity details	This report provides information related to blacklisted source or destination IP address detected in allowed traffic which includes Analysis Date, AS Number, AS Owner, Blacklist Status, City, Continent, Country Code, IP Address, ISP, LongitudeLatitude, Region, Reverse DNS and Source Log fields.
Compliance	PoliWall – Allowed traffic details	This report provides information related to inbound or outbound traffic permitted by PoliWall which includes Traffic Direction, Protocol Type, Source IP, Source Port, Source Country, Destination IP, Destination Port and Destination Country fields.
Compliance	PoliWall – Blocked traffic details	This report provides information related to inbound or outbound traffic prohibited by PoliWall which includes Traffic Direction, Protocol Type, Source IP, Source Port, Source Country, Destination IP, Destination Port, Destination Country, Block Reason and Block Details fields.

Documentation

The configuration details are consistent with Netsurion Open XDR 7.x and later, PoliWall Security Appliance.

Download Integration Guide for configuration instructions and more information.

24X7 SOC-AS-A-SERVICE

OPEN XDR PLATFORM

USE CASES

WHY NETSURION

PARTNERS

ALL CYBERSECURITY INSIGHTS

Level up your cybersecurity!

ABOUT NETSURION

XDR Hot Company

Next-Gen MDR Service

Best MDR Solution

PoliWall

Alerts

Reports

Documentation