Applies to: WatchGuard Firebox v11.10.0 to v12.7.0
WatchGuard Firebox Series appliances combine firewall and VPN capabilities with robust security services and flexible management tools.
WatchGuard Firebox forwards logs to EventTracker via Syslog. The EventTracker WatchGuard Firebox reports provide information about possible attacks, suspicious network traffic, device configuration changes, user logins, and user authentication activities. Using these reports, one can track which users logged in successfully and which failed to log in, along with the reason for the failure. The reports also help one inspect the endpoints to analyze the type of attack that happened and to review suspicious network traffic such as IP spoofing and traffic detected by intrusion prevention.
Dashboards display a graphical representation of user logon activities, device configuration changes, and detected attacks. Using the geo-location dashboard, one can track IP traffic by country/ISO code.
Alerts are triggered by events such as configuration changes on the endpoints, failed user logins, and failed user authentication.
After WatchGuard Firebox is configured to deliver events to EventTracker, alerts, dashboards, and reports can be configured in EventTracker.
The configuration details are consistent with EventTracker version 9.x and later, and WatchGuard Fireware v11.10.0 to v12.7.0.
To configure WatchGuard Fireware to send logs to EventTracker, refer to the How-to Guide.
For more information, please refer to the Integration Guide.