TL;DR
| Supported data types | 3rd party detection | Hunters detection | IOC search | Search | Table name | Log format | Collection method |
|---|---|---|---|---|---|---|---|
| Forcepoint (NGFW) Firewall Logs | ✅ | ✅ | ✅ | ✅ | forcepoint_firewall_logs | XML | S3 |
Overview
Forcepoint is a global cybersecurity company that provides data-first security solutions, focusing on protecting sensitive data and user activities across cloud, web, email, and network environments, using AI and SASE/Zero Trust principles to secure digital identities and prevent data loss for businesses and governments.
Its platform, such as Forcepoint ONE, integrates capabilities including Data Loss Prevention (DLP), Cloud Access Security Broker (CASB), and Zero Trust Network Access (ZTNA) to offer unified visibility and control, adapting to user behavior to enable safe digital transformation.
Supported data types
Forcepoint (NGFW) Firewall Logs
Overview:
The Forcepoint Next Generation Firewall (NGFW) is an advanced security solution that combines traditional firewall capabilities with deep packet inspection, an integrated intrusion prevention system (IPS), and application control to protect modern, distributed enterprise networks. It is designed to provide consistent security and performance across physical, virtual, and cloud deployments, all managed from a single, centralized console. This unified approach helps organizations reduce operational complexity and defend against sophisticated, multi-layered threats and data exfiltration attempts that can evade basic security measures.
Table name: forcepoint_firewall_logs
Send data to Hunters
Hunters supports the ingestion of Forcepoint Firewall logs via an intermediary AWS S3 bucket.
To connect Forcepoint Firewall Logs:
Export your Forcepoint Firewall logs to an AWS S3 bucket.
Once the export is complete and the logs are collected in S3, follow the steps in this section.
Expected format
Logs are expected in XML format:
```xml
x<6><STONEGATE_LOG><TIMESTAMP>2026-01-01 00:00:00</TIMESTAMP><LOGID>1234567890</LOGID><NODEID>1.1.1.1</NODEID><FACILITY>Packet Filtering</FACILITY><TYPE>Notification</TYPE><EVENT>New connection</EVENT><ACTION>Allow</ACTION><SRC>2.2.2.2</SRC><DST>3.3.3.3</DST><SERVICE>ServiceMix_HTTPS</SERVICE><PROTOCOL>6</PROTOCOL><SPORT>12345</SPORT><DPORT>6789</DPORT><RULEID>605.1</RULEID><SRCIF>4</SRCIF><COMPID>FW_COMPONENT-1</COMPID><RECEPTIONTIME>2023-01-01 00:00:00</RECEPTIONTIME><SENDERTYPE>Firewall</SENDERTYPE><SITUATION>Connection_Allowed</SITUATION><EVENTID>1234567890123456789</EVENTID></STONEGATE_LOG>
```
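As an added example (not Hunters' or Forcepoint's own code), the following parser turns a line in the format above into typed fields, strips and decodes the optional syslog priority prefix (`<6>`), and reports a clock skew between the firewall's TIMESTAMP and the log server's RECEPTIONTIME, since drift between the two breaks time-based correlation. It assumes the timestamps are UTC and that an S3 object holds one record per line; neither is stated on the page.

```python
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAMPLE = (  # constructed sample record in the format shown above (same placeholder values)
    "<6><STONEGATE_LOG><TIMESTAMP>2026-01-01 00:00:00</TIMESTAMP><LOGID>1234567890</LOGID><NODEID>1.1.1.1</NODEID>"
    "<FACILITY>Packet Filtering</FACILITY><TYPE>Notification</TYPE><EVENT>New connection</EVENT><ACTION>Allow</ACTION>"
    "<SRC>2.2.2.2</SRC><DST>3.3.3.3</DST><SERVICE>ServiceMix_HTTPS</SERVICE><PROTOCOL>6</PROTOCOL><SPORT>12345</SPORT>"
    "<DPORT>6789</DPORT><RULEID>605.1</RULEID><SRCIF>4</SRCIF><COMPID>FW_COMPONENT-1</COMPID>"
    "<RECEPTIONTIME>2023-01-01 00:00:00</RECEPTIONTIME><SENDERTYPE>Firewall</SENDERTYPE>"
    "<SITUATION>Connection_Allowed</SITUATION><EVENTID>1234567890123456789</EVENTID></STONEGATE_LOG>"
)
PRI_RE = re.compile(r"^<(\d{1,3})>")        # optional syslog PRI prefix such as <6>
INT_FIELDS = {"PROTOCOL", "SPORT", "DPORT", "SRCIF"}
TS_FIELDS = {"TIMESTAMP", "RECEPTIONTIME"}  # assumed UTC; the page does not state a zone

def parse_stonegate_record(line: str) -> dict:
    """Parse one STONEGATE_LOG line into a flat dict with typed fields."""
    line, record = line.strip(), {}
    m = PRI_RE.match(line)
    if m:  # decode the syslog PRI into facility and severity, then drop it
        record["syslog_facility"], record["syslog_severity"] = divmod(int(m.group(1)), 8)
        line = line[m.end():]
    root = ET.fromstring(line)  # stdlib parser for a self-contained example; prefer defusedxml for untrusted exports
    if root.tag != "STONEGATE_LOG":
        raise ValueError(f"unexpected root element {root.tag!r}")
    for child in root:
        text = (child.text or "").strip()
        if child.tag in INT_FIELDS:
            record[child.tag] = int(text)
        elif child.tag in TS_FIELDS:
            record[child.tag] = datetime.strptime(text, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
        else:
            record[child.tag] = text
    return record

def reception_skew_seconds(record: dict) -> float:
    # seconds by which the firewall's TIMESTAMP leads RECEPTIONTIME; large values mean clock drift
    return (record["TIMESTAMP"] - record["RECEPTIONTIME"]).total_seconds()

def parse_export(payload: str) -> tuple:
    """Parse a line-delimited export; returns (records, rejected) so malformed lines are not silently lost."""
    records, rejected = [], []
    for n, line in enumerate(payload.splitlines(), 1):
        if not line.strip():
            continue
        try:
            records.append(parse_stonegate_record(line))
        except (ET.ParseError, ValueError) as exc:
            rejected.append((n, str(exc)))
    return records, rejected
```

The sample's three-year gap between TIMESTAMP and RECEPTIONTIME is exactly the kind of skew worth alerting on before the records reach detection logic.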