WatchGuard Firebox

Version: WatchGuard Firebox v11.10.0 to v12.7.0

WatchGuard Firebox Series appliances combine firewall and VPN capabilities with robust security services and flexible management tools.

WatchGuard Firebox uses the Syslog protocol to forward logs to Netsurion Open XDR. These logs provide information about possible attacks, suspicious network traffic, device configuration changes, and user login and authentication activities. The resulting reports show which users logged in successfully and which failed to log in, along with the reason for the failure. They also support inspecting endpoints to analyze attack types and suspicious traffic, such as IP spoofing and traffic detected by intrusion prevention.

Dashboards display a graphical representation of user logon activities, device configuration changes, and detected attacks. Using the geolocation dashboard, one can track IP traffic by country/ISO code.

Alerts are triggered on events such as configuration changes on the endpoints, failed user logins, and failed user authentication.

  • Security: Anti-Spam service and WLAN IDS activity.
  • Operations: High availability activity, Link monitoring, DHCP relay activity, User activity, and Content filtering.
  • Compliance: Login and authentication activity, Network access activity, Firewall alerts, VPN tunnel, and client activity.

After WatchGuard Firebox is configured to deliver events to Netsurion Open XDR, alerts, dashboards, and reports can be configured in Netsurion Open XDR.

To take advantage of this data source integration and to learn more about alerts, reports, and dashboards, contact your Technical Account Manager (TAM). If you are not currently a Netsurion customer or partner, contact us to learn more.