SonicWall SMA
Version: SonicWall SMA 100 series with firmware version v10.2.1.x.
SonicWall SMA (Secure Mobile Access) is a unified secure access gateway that enables organizations to provide access to any application, anytime, from anywhere and any devices, including managed and unmanaged.
Netsurion Open XDR manages logs retrieved from SonicWall SMA. The alerts, reports, dashboards, and saved searches in Netsurion Open XDR are enhanced by capturing important and critical activities in SonicWall SMA. This DSI supports all SonicWall SMA 100 series devices which includesSMA 200/210, SMA 400/410, SMA 500v.
The following are the key assets included with this Data Source Integration.
Alerts
| Type | Name | Description |
|---|---|---|
| Security | SonicWall SMA – Anomalous authentication detected | Generated when a potential anomalous authentication is detected by SonicWall SMA. |
| Security | SonicWall SMA – Suspicious event detected | Generated when a suspicious activity is detected by SonicWall SMA. |
Reports
| Type | Name | Description |
|---|---|---|
| Security | SonicWall SMA – Authentication and authorization events | Provides details about the authentication and authorization related events detected by SonicWall SMA device. |
| Security | SonicWall SMA – Web application firewall events | Provides details about all the Web Application Firewall (WAF) events detected by SonicWall SMA device. |
| Operational | SonicWall SMA – VPN client events | Provides details about the VPN client events detected by SonicWall SMA device. |
| Operational | SonicWall SMA – Device management events | Provides details about the device management events detected by SonicWall SMA device. |
Dashboards
| Type | Name | Description |
|---|---|---|
| Security | SonicWall SMA – Login failed events by user | Displays events related to the user’s failed login attempts. |
| Security | SonicWall SMA – Web application firewall events | Displays events related to Web Application Firewall (WAF). |
| Security | SonicWall SMA – Source IP by geo location. | Displays the geo location of the source IP address. |
| Compliance | SonicWall SMA – Login and logout successful events by user. | Displays events for a user successfully login and logout. |
Saved Searches
| Type | Name | Description |
|---|---|---|
| Security | SonicWall SMA – Authentication and authorization events | Provides details about the authentication and authorization related events detected by the SonicWall SMA device. |
| Security | SonicWall SMA – Web application firewall events | Provides details about all the Web Application Firewall (WAF) events detected by the SonicWall SMA device |
| Operational | SonicWall SMA – VPN client events | Provides details on the events that the SonicWall SMA device’s VPN client has triggered. |
| Operational | SonicWall SMA – Device management events | Provides details about the device management events detected by the SonicWall SMA device. |
Documentation
The configuration details are consistent with Netsurion Open XDR 9.3 and later, and SonicWall SMA.
Download the Integration Guide for configuration instructions and more information.