WatchGuard Firebox

Alerts 

• WatchGuard Firebox - Device configuration changed: This alert is triggered when a user changes a device configuration.
• WatchGuard Firebox- Attack detected: This alert is triggered when the WatchGuard Firebox detects an attack.

Reports 

• WatchGuard Firebox - Device configuration change details: This report provides information related to a device configuration change when a user performs any changes in WatchGuard Firebox.
• This report captures the item information in the message details column and shows the time and the firewall device configuration on which the changes are made. 
• WatchGuard Firebox - Attack detected - This report provides information related to the attack detected by WatchGuard Firebox. It contains the Columns Log Time, Computer or Device name, Attack Type, Source Address, and Target Address. It briefs an administrator about attacks detected from suspicious hosts with target IP and attack details.
• WatchGuard Firebox – IPS traffic detected – This report provides information related to the intrusion prevention traffic detected. It contains the source IP Address, Source port, Destination IP Address, Destination Port, policy name, signature name, signature category, signature id, and status.

Alerts

• WatchGuard Firebox - User authentication failed:This alert is triggered when a user tries to authenticate and then fails. (e.g., When a user tries to log in using SSL/VPN or similar services).
• WatchGuard Firebox - User login failed: This alert is triggered when a user tries to log in but fails. For e.g., Incorrect username or password. (e.g., user tries to log in from GUI).

• WatchGuard Firebox - Proxy details: This report provides information related to traffic allowed or denied by the proxy policy, including Host Address, Source Address, Source port, Destination Address, Destination Port, Action, Message, and Policy Name fields. It briefs an administrator about proxy traffic passing through the firewall with actions consistent with the applied policy. 
• WatchGuard Firebox – IP spoofing and blocked site traffic detected: This report provides information related to the IP spoofing and blocked site traffic detected. It contains the source IP address, targets IP address, and traffic type.

Alerts

• WatchGuard Firebox: Customized certificate generation error - This alert is triggered when a customized certificate generation error occurs.
• WatchGuard Firebox: System shutdown or restart – This alert is triggered when a system is shut down or restarted.

Reports

• WatchGuard Firebox - User authentication failed - This report provides information related to the user authentication failed events. when the user authentication fails, it explains failed authentication. (e.g., When a user tries to log in using SSL/VPN or similar services)
• WatchGuard Firebox – User authentication success – This report provides information related to the user authentication success events. When a user tries to authenticate and succeeds.
• WatchGuard Firebox - User login failed - This report provides information related to the user logon failed events. When a user tries to log in, it fails. It has the column Log Time, Computer or Device name, Username, User Type and Source Address, and Assigned Virtual Client IP Address.
• WatchGuard Firebox - Traffic details - This report provides inbound and outbound traffic information. The report includes- Log Time, Computer or Device name, Status, In Interface Name, Out Interface Name, Source IP Address, Source Port, Destination IP Address, Destination Port, Application Behavior Name, Application Category ID, Application ID, Application Name, Category Name, Message, Policy Name. It briefs an administrator about traffic passing through the firewall with actions consistent with the applied policy.