Applies To: WatchGuard XTM Fireware v12.5
WatchGuard XTM Series appliances combine firewall/VPN with powerful security services and a suite of flexible management tools.
WatchGuard XTM Firewall forwards logs to EventTracker via syslog. The EventTracker report for WatchGuard XTM Firewall provides information about possible attacks, suspicious network traffic, device configuration changes, user logins, and user authentication activities. Using these reports, one can track which users logged in successfully and which failed to log in, along with the reason. The reports also help in inspecting the endpoints to analyze the type of attack that occurred and suspicious network traffic such as IP spoofing and traffic detected by intrusion prevention.
Dashboards display a graphical representation of user logon activities, device configuration changes, and attacks detected. By using the geo-location dashboard, one can track IP traffic by country/ISO code.
Alerts are triggered on events such as configuration changes on the endpoints, failed user logins, and failed user authentication.
After WatchGuard XTM Firewall is configured to deliver events to EventTracker, alerts, dashboards, and reports can be configured in EventTracker.
The configuration details in this guide are consistent with EventTracker Enterprise version 7.X and later, and WatchGuard XTM Fireware v12.5.
To configure WatchGuard to send logs to EventTracker, refer to the How-to Guide.
For more information, please refer to the Integration guide.