WatchGuard Firebox Firewall

Integrating WatchGuard Firebox Firewalls With Blumira

Blumira’s modern cloud SIEM platform integrates with WatchGuard Firebox Firewalls to detect cybersecurity threats and provide an actionable response for remediation when a threat is detected.

When configured, the Blumira integration with WatchGuard Firebox Firewalls will stream security event logs to the Blumira service for automated threat detection and actionable response.

Get visibility, detect and respond to threats faster:

  • Quickly detect known and suspected threats with Blumira’s cloud-based platform
  • Reduce the noise of false-positive alerts with backend automation and fine-tuned alerting
  • Detect lateral movement across your environment with virtual honeypots
  • Get guided and actionable remediation playbooks for teams without security expertise
  • View easy-to-understand dashboards and security threat reports to help organizations meet compliance requirements

WatchGuard Firebox Firewall Log Collection

In this document, we’ll identify the initial setup steps to collect logs from the WatchGuard Firebox Firewall. Over time, Blumira will recommend modifications to these configurations depending on output.

For vendor documentation, please click here.

Configuring Syslog and an Output Destination

  1. Select System > Logging.
    The Logging page appears.
  2. Click the Syslog Server tab.
  3. Select the Send log messages to these syslog servers check box.
  4. Click Add.
    The Syslog Server dialog box appears.
  5. In the IP Address text box, type the server IP address of the Blumira Sensor.
  6. In the Port text box, the default syslog server port (514) appears. To change the server port, type or select a different port for your server.
  7. From the Log Format drop-down list, select Syslog.
  8. Click OK.
  9. (Optional) In the Description text box, type a description for the server.
  10. To include the date and time that the event occurs on your Firebox in the log message details, select The time stamp check box.
  11. Do not check the box to include the device serial number.
  12. In the Syslog Settings section, for each type of log message, select a syslog facility from the drop-down list.
    • For high-priority syslog messages, such as alarms, select Local0.
    • To assign priorities for other types of log messages (lower numbers have greater priority), select Local1 – Local7.
    • To not send details for a message type, select NONE.
  13. To restore the default settings, click Restore Defaults.
  14. Click Save.

At this point, the Blumira Sensor will start receiving syslog messages from your WatchGuard Firebox Firewall.
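To confirm that the facility assignments made in step 12 show up in what the sensor receives, decode the PRI header at the start of each captured message (PRI = facility × 8 + severity, with Local0 through Local7 being facility codes 16 through 23). The script below is an added example, not Blumira or WatchGuard code; the sample lines and the hostname fw-example are constructed and do not reproduce real Firebox log output.

```python
import re
from collections import Counter

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(line):
    """Return (facility, severity) names from a syslog PRI header, or None."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:  # 23*8+7 is the largest valid PRI
        return None
    facility, severity = divmod(int(m.group(1)), 8)  # PRI = facility*8 + severity
    # Facility codes 16-23 are local0-local7, the values offered in step 12.
    name = f"local{facility - 16}" if 16 <= facility <= 23 else f"facility{facility}"
    return name, SEVERITIES[severity]

def tally_facilities(lines):
    """Count messages per facility; lines without a valid PRI count as 'unparsed'."""
    counts = Counter()
    for line in lines:
        decoded = decode_pri(line)
        counts[decoded[0] if decoded else "unparsed"] += 1
    return counts

def missing_facilities(counts, expected):
    """Facilities assigned on the Firebox that never appeared in the capture."""
    return sorted(f for f in expected if counts.get(f, 0) == 0)

# Constructed sample messages (not real Firebox output).
SAMPLE = [
    "<129>Jan 10 12:00:01 fw-example constructed alarm message",    # local0.alert
    "<140>Jan 10 12:00:02 fw-example constructed traffic message",  # local1.warning
    "<158>Jan 10 12:00:03 fw-example constructed event message",    # local3.info
    "Jan 10 12:00:04 fw-example constructed line with no PRI header",
]

if __name__ == "__main__":
    counts = tally_facilities(SAMPLE)
    for facility, n in sorted(counts.items()):
        print(f"{facility:10} {n}")
    # Hypothetical expectation: the admin assigned local0, local1 and local2.
    print("missing:", missing_facilities(counts, ["local0", "local1", "local2"]))
```

Feed it message payloads captured on the sensor's syslog port; a facility listed as missing means that message type is set to NONE, has not fired yet, or is not reaching the sensor.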