PoliWall

Version: PoliWall Security Appliance version 1.21.00

Bandura's PoliWall is an in-line appliance that reduces noise at the network perimeter, thereby decreasing the workload of systems deeper inside the network and making routers, firewalls, and IPS/IDS more effective. Netsurion Open XDR receives syslog data from PoliWall and supports efficient visualization and analysis of allowed or blocked traffic through alerts, reports, dashboards and knowledge objects. Netsurion Open XDR also uses the IPVoid reputation service to identify blacklisted IP addresses in allowed traffic and generates an alert to notify the responsible IT administrator.

Netsurion Data Source Integration for PoliWall allows you to monitor the following:

  • Operations – Identify new source or destination IP addresses in allowed traffic using behavior rules.
  • Security – Monitor malicious traffic with risk score and track blacklisted IP addresses in allowed traffic.
  • Compliance – Monitor allowed or blocked traffic passing through PoliWall. 

Once PoliWall is configured to deliver events to the Netsurion Open XDR Manager, the alerts, reports, behavior rules, knowledge objects and dashboards can be configured in Netsurion Open XDR.

The following are the key Data Source Integration components available in Netsurion Open XDR.

Alerts

Type | Name | Description
Security | PoliWall – Threat detected | This alert is generated when malicious activity (e.g. spam or malware) is detected in traffic passing through PoliWall.
Security | PoliWall – Blacklisted IP detected in allowed traffic | This alert is generated when a blacklisted source or destination IP address is detected in allowed traffic.
Operations | PoliWall – New IP detected in allowed traffic | This alert is generated when a source or destination IP address not previously seen is detected in allowed traffic.
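As an added example (not Netsurion's or Bandura's code), the three alert conditions in the table above, together with the Operations and Security monitoring points listed earlier, re-implemented as detection logic run over constructed log lines. The key=value syslog layout, the field names, the risk threshold and the local blacklist set are assumptions made for illustration only; the real PoliWall syslog schema and the IPVoid lookup are not reproduced here.

```python
"""
Added example, not Netsurion's or Bandura's code: a minimal re-implementation
of the three PoliWall alert conditions, run over constructed syslog-style
lines.  The key=value layout, field names, risk threshold and local blacklist
are assumptions; PoliWall's real syslog format and the IPVoid lookup are not
reproduced here.
"""
import re
from typing import Optional

# Constructed sample events in a hypothetical key=value syslog layout.
SAMPLE_LOGS = [
    "<134>Jan 10 09:00:01 poliwall: dir=inbound proto=TCP action=allow src=203.0.113.7 sport=51514 scountry=US dst=10.0.0.25 dport=443 dcountry=US",
    "<134>Jan 10 09:00:05 poliwall: dir=inbound proto=TCP action=block src=198.51.100.9 sport=4444 scountry=RU dst=10.0.0.25 dport=22 dcountry=US reason=threat risk=85",
    "<134>Jan 10 09:00:09 poliwall: dir=outbound proto=UDP action=allow src=10.0.0.40 sport=53210 scountry=US dst=192.0.2.66 dport=53 dcountry=CN",
    "<134>Jan 10 09:00:12 poliwall: dir=inbound proto=TCP action=allow src=203.0.113.7 sport=51520 scountry=US dst=10.0.0.25 dport=443 dcountry=US",
    "<134>Jan 10 09:00:15 poliwall: dir=inbound proto=TCP action=block src=192.0.2.200 sport=33000 scountry=BR dst=10.0.0.25 dport=80 dcountry=US reason=country_policy",
]

# Stand-in for the IPVoid reputation lookup: a constructed local blacklist.
LOCAL_BLACKLIST = {"192.0.2.66"}

# The threat alert fires on an explicit threat reason or on a risk score at
# or above this threshold (the threshold value is an assumption).
RISK_THRESHOLD = 70

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_event(line: str) -> dict:
    """Extract the key=value fields that follow the 'poliwall:' tag."""
    _, _, body = line.partition("poliwall:")
    ev = dict(KV_RE.findall(body))
    if "risk" in ev:
        ev["risk"] = int(ev["risk"])
    return ev


def threat_detected(ev: dict) -> bool:
    """Security alert: appliance flagged a threat or scored the flow as risky."""
    return ev.get("reason") == "threat" or ev.get("risk", 0) >= RISK_THRESHOLD


def blacklisted_in_allowed(ev: dict, blacklist: set) -> Optional[str]:
    """Security alert: a blacklisted src/dst address inside *allowed* traffic."""
    if ev.get("action") != "allow":
        return None
    for key in ("src", "dst"):
        if ev.get(key) in blacklist:
            return ev[key]
    return None


class NewIpTracker:
    """Behavior-rule stand-in: remembers addresses already seen in allowed traffic."""

    def __init__(self, baseline=()):
        self.seen = set(baseline)

    def new_ips(self, ev: dict) -> list:
        if ev.get("action") != "allow":
            return []
        fresh = []
        for key in ("src", "dst"):
            ip = ev.get(key)
            if ip and ip not in self.seen:
                self.seen.add(ip)
                fresh.append(ip)
        return fresh


def run_alerts(lines, blacklist=LOCAL_BLACKLIST, baseline=()):
    """Evaluate every line against the three alert rules; return (name, ip, risk) tuples."""
    tracker = NewIpTracker(baseline)
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if threat_detected(ev):
            alerts.append(("PoliWall - Threat detected", ev["src"], ev.get("risk")))
        bad = blacklisted_in_allowed(ev, blacklist)
        if bad:
            alerts.append(("PoliWall - Blacklisted IP detected in allowed traffic", bad, None))
        for ip in tracker.new_ips(ev):
            alerts.append(("PoliWall - New IP detected in allowed traffic", ip, None))
    return alerts


if __name__ == "__main__":
    # Seed the behavior baseline with known internal hosts so the first pass
    # does not flag every address as new.
    for alert in run_alerts(SAMPLE_LOGS, baseline={"10.0.0.25", "10.0.0.40"}):
        print(alert)
```

The baseline passed to run_alerts matters in practice: a behavior rule that starts empty alerts on every address it sees during its learning window, so seed it with the hosts you already know (or let it learn for a period before alerting). Note also that the blacklist check deliberately ignores blocked events; a blacklisted address that PoliWall already dropped is covered by the threat and blocked-traffic reports, and the value of this alert is catching what the appliance let through.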

Reports

Type | Name | Description
Security | PoliWall – Threat traffic details | This report provides information on malicious activity detected in inbound or outbound traffic, including the Traffic Direction, Protocol Type, Action Type, Source IP, Source Port, Source Country, Destination IP, Destination Port, Destination Country, Block Reason and Risk Score fields.
Security | PoliWall – Blacklisted IP activity details | This report provides information on blacklisted source or destination IP addresses detected in allowed traffic, including the Analysis Date, AS Number, AS Owner, Blacklist Status, City, Continent, Country Code, IP Address, ISP, Longitude/Latitude, Region, Reverse DNS and Source Log fields.
Compliance | PoliWall – Allowed traffic details | This report provides information on inbound or outbound traffic permitted by PoliWall, including the Traffic Direction, Protocol Type, Source IP, Source Port, Source Country, Destination IP, Destination Port and Destination Country fields.
Compliance | PoliWall – Blocked traffic details | This report provides information on inbound or outbound traffic blocked by PoliWall, including the Traffic Direction, Protocol Type, Source IP, Source Port, Source Country, Destination IP, Destination Port, Destination Country, Block Reason and Block Details fields.

Documentation

The configuration details apply to Netsurion Open XDR 7.x and later and to PoliWall Security Appliance version 1.21.00.

Download the Integration Guide for configuration instructions and more information.