SonicWall

Self Service Ingestion

Connect this data source on your own, using the Hunters platform.

TL;DR

Supported data types | 3rd party detection | Hunters detection | IOC search | Search | Table name | Log format | Collection method
SonicWall Events Logs | ✅ | ✅ | sonicwall_event_logs | Key Value | S3


Overview

SonicWall Firewall is a network security solution designed to protect organizations from cyber threats by providing advanced firewall, intrusion prevention, and malware protection capabilities. It offers deep packet inspection, content filtering, and VPN support to secure network traffic and prevent unauthorized access. SonicWall Firewalls also include features like real-time threat intelligence, application control, and SSL/TLS decryption to detect and block malicious activities. These firewalls are used in businesses of all sizes to safeguard their networks, endpoints, and cloud environments from evolving security threats.

Supported data types

SonicWall Events Logs

Table name: sonicwall_event_logs

Network traffic logs generated by SonicWall devices play a critical role in managing, securing, and understanding your network's activities. SonicWall, a well-regarded provider of cybersecurity devices and services, offers a wide range of products such as firewalls, VPNs, and advanced threat protection solutions.

Learn more here.

Send data to Hunters

Hunters supports the ingestion of SonicWall logs via an intermediary AWS S3 bucket.

To connect SonicWall logs:

  1. Export your logs from SonicWall to an AWS S3 bucket.

  2. Once the export is complete and the logs are being collected in S3, follow the steps in this section.

Expected format

The expected format is the key-value format as exported by SonicWall: one event per line, each field written as key=value, with values that contain spaces enclosed in quotes. For example:

<134> id=firewall sn=18C241046638 time="2022-05-05 19:00:05 UTC" fw=8.8.1.2 pri=6 c=1024 m=537 msg="Connection Closed" app=49169 appName='General DNS' n=123886264 src=10.1.2.3:4234:X2-V550 dst=8.8.8.8:53:X4:dns.google srcMac=aa:bb:cc:11:22:33 dstMac=aa:bb:cc:11:22:34 proto=udp/dns sent=71 rcvd=136 spkt=1 rpkt=1 dpi=1 cdur=32000 rule="Custom Access Rule" fw_action="NA"
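As an added example (not Hunters' or SonicWall's own code), here is a small Python parser for the key-value format shown above, including the leading syslog <PRI> header and the ip:port:interface[:hostname] structure of the src and dst fields. The sample line is constructed after the one on this page, and the normalized field names (src_ip, dst_host, syslog_severity, and so on) are this example's assumptions, not Hunters' schema.

```python
import re
from typing import Any, Dict

# Constructed sample line, modelled on the one shown under "Expected format" above.
SAMPLE = (
    '<134> id=firewall sn=18C241046638 time="2022-05-05 19:00:05 UTC" fw=8.8.1.2 pri=6 '
    'c=1024 m=537 msg="Connection Closed" app=49169 appName=\'General DNS\' n=123886264 '
    'src=10.1.2.3:4234:X2-V550 dst=8.8.8.8:53:X4:dns.google srcMac=aa:bb:cc:11:22:33 '
    'dstMac=aa:bb:cc:11:22:34 proto=udp/dns sent=71 rcvd=136 spkt=1 rpkt=1 dpi=1 '
    'cdur=32000 rule="Custom Access Rule" fw_action="NA"'
)

# Optional syslog <PRI> header, then key=value pairs whose value is "double quoted",
# 'single quoted', or a bare run of non-whitespace characters (MACs, ip:port:iface, udp/dns).
PRI_RE = re.compile(r"^<(\d{1,3})>\s*")
PAIR_RE = re.compile(r'''(\w+)=(?:"([^"]*)"|'([^']*)'|(\S*))''')
ENDPOINT_FIELDS = ("src", "dst")  # fields with the ip:port:interface[:hostname] layout


def parse_sonicwall_event(line: str) -> Dict[str, Any]:
    """Parse one SonicWall key-value event line into a flat dict.

    The <PRI> header is decoded into facility and severity (PRI = facility * 8 + severity).
    src/dst values are expanded into ip, port, interface and (if present) hostname fields.
    Assumes IPv4 addresses, since ':' is the separator in the format shown on this page.
    """
    event: Dict[str, Any] = {}
    m = PRI_RE.match(line)
    if m:
        event["syslog_facility"], event["syslog_severity"] = divmod(int(m.group(1)), 8)
        line = line[m.end():]
    for key, dq, sq, bare in PAIR_RE.findall(line):
        value = dq or sq or bare
        # Numeric counters (sent, rcvd, cdur, ...) become ints; everything else stays a string.
        event[key] = int(value) if value.isdigit() else value
    for field in ENDPOINT_FIELDS:
        raw = event.get(field)
        if isinstance(raw, str) and ":" in raw:
            parts = raw.split(":", 3)  # at most: ip, port, interface, hostname
            for name, val in zip(("ip", "port", "interface", "host"), parts):
                event[f"{field}_{name}"] = int(val) if val.isdigit() else val
    return event


if __name__ == "__main__":
    for k, v in parse_sonicwall_event(SAMPLE).items():
        print(f"{k:16} {v!r}")
```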