Wider attack surface coverage powered by hundreds of integrations and deeper threat visibility powered by thousands of detections.
Version: WatchGuard Firebox v11.10.0 to v12.7.0
WatchGuard Firebox Series appliances combine firewall VPN with robust security services and flexible management tools.
WatchGuard Firebox uses the Syslog protocol to forward logs to Netsurion's Open XDR platform. It provides information about possible attacks, suspicious network traffic, device configuration changes, user login and authentication activities. Using these reports, one can track which user has logged in successfully and failed to log in along with the reason. With the help of these reports one can inspect endpoints for analysis of attack types and suspicious traffic like IP spoofing, intrusion prevention traffic detected.
Dashboards display a graphical representation of user logon activities, device configuration changes, and attack detected. Using the geo-location dashboard, one can track IP traffic by country/ ISO code.
Alerts are triggered when a user performs any of the following: configuration changes on the endpoints, user login failed, user authentication failed, etc.
After WatchGuard Firebox is configured to deliver events to Netsurion, alerts, dashboards, and reports can be configured into Netsurion.
The configuration details are consistent with Netsurion version 9.x and later, and WatchGuard Fireware v11.10.0 to v12.7.0.
Download Integration Guide and How-to Guide for more information and to configuration instructions.