Watchguard

Self Service Ingestion

Connect this data source on your own, using the Hunters platform.

TL;DR

Supported data types

3rd party detection

Hunters detection

IOC search

Search

Table name

Log format

Collection method

Watchguard Firebox Logs

✅

✅

watchguard_firebox_logs

Text

S3


Overview

WatchGuard is a cybersecurity company that provides network security solutions for small and mid-sized businesses. Its products include firewalls, secure Wi-Fi, multi-factor authentication, and endpoint security, all designed to protect organizations from a wide range of cyber threats. WatchGuard’s solutions offer real-time threat intelligence, intrusion prevention, and content filtering to safeguard networks, devices, and data. With a focus on simplicity and ease of use, WatchGuard helps organizations enhance their security posture without the complexity of traditional enterprise solutions.

Supported data types

Watchguard Firebox Logs

Table name: watchguard_firebox_logs

WatchGuard Firebox logs capture detailed information about network traffic, security events, and system activities, providing valuable insights into the security posture of the network and helping to detect and mitigate threats effectively.

Learn more here.

Send data to Hunters

Hunters supports the ingestion of WatchGuard logs via an intermediary AWS S3 bucket.

To connect WatchGuard logs:

  1. Export your logs from WatchGuard to an AWS S3 bucket.

  2. Once the export is completed and the logs are collected in S3, follow the steps in this section.

Expected format

Logs are expected in Text format.

Watchguard Firebox Logs Sample

(2023-03-14T00:00:00) iked[3081]: (1.2.3.4<->5.6.7.8)******** RECV an IKE packet at 1.2.3.4:1234(socket=14 ifIndex=7) from Peer 5.6.7.8:12345 ********
(2023-03-14T00:00:02) firewall: msg_id=\"3000-0148\" Deny 6dg Leased Line Firebox 40 tcp 20 238 1.2.3.4 5.6.7.8 1234 321 offset 5 S 1234567899 win 4  geo_src=\"US\"  geo_dst=\"US\"  (Unhandled External Packet-00)
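
An added example, not part of the Hunters or WatchGuard documentation: a pre-upload check that parses lines of the shape shown in the sample above and reports the ones that do not fit, tolerating both plain and backslash-escaped quotes. The field names `action`, `policy`, `proto`, `src`, `dst`, `sport` and `dport`, and the positional layout they rely on, are assumptions read off the sample line.

```python
import re
from datetime import datetime

# Constructed input: the page's two sample lines plus one deliberately malformed line.
SAMPLE = [
    r'(2023-03-14T00:00:00) iked[3081]: (1.2.3.4<->5.6.7.8)******** RECV an IKE packet at 1.2.3.4:1234(socket=14 ifIndex=7) from Peer 5.6.7.8:12345 ********',
    r'(2023-03-14T00:00:02) firewall: msg_id=\"3000-0148\" Deny 6dg Leased Line Firebox 40 tcp 20 238 1.2.3.4 5.6.7.8 1234 321 offset 5 S 1234567899 win 4  geo_src=\"US\"  geo_dst=\"US\"  (Unhandled External Packet-00)',
    'firewall: msg_id="3000-0148" Deny line with no timestamp',
]

HEADER = re.compile(r'^\((?P<ts>[^)]+)\)\s+(?P<proc>[\w.-]+)(?:\[(?P<pid>\d+)\])?:\s+(?P<body>.*)$')
KV = re.compile(r'(\w+)=\\?"([^"\\]*)\\?"')   # key="value" or key=\"value\"
ACTION = re.compile(r'msg_id=\S+\s+(\w+)')     # assumption: the action follows msg_id
# Assumption: "<proto> <n> <n> <src> <dst> <sport> <dport>", as in the sample line.
FLOW = re.compile(r'\b(?P<proto>tcp|udp)\s+\d+\s+\d+\s+(?P<src>\d+(?:\.\d+){3})\s+'
                  r'(?P<dst>\d+(?:\.\d+){3})\s+(?P<sport>\d+)\s+(?P<dport>\d+)\b')
POLICY = re.compile(r'\(([^()]*)\)\s*$')       # assumption: trailing (...) is the policy

def parse_line(line):
    """Return a dict of extracted fields, or None if the line lacks the expected header."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    try:
        ts = datetime.fromisoformat(m['ts'])
    except ValueError:
        return None
    rec = {'timestamp': ts, 'process': m['proc'], 'pid': int(m['pid']) if m['pid'] else None}
    body = m['body']
    rec.update(KV.findall(body))               # msg_id, geo_src, geo_dst, ...
    for key, rx in (('action', ACTION), ('policy', POLICY)):
        hit = rx.search(body)
        if hit:
            rec[key] = hit.group(1)
    flow = FLOW.search(body)
    if flow:
        rec.update(flow.groupdict())
        rec['sport'], rec['dport'] = int(rec['sport']), int(rec['dport'])
    return rec

def check(lines):
    """Return (parsed records, 1-based numbers of lines that were rejected)."""
    results = [(n, parse_line(l)) for n, l in enumerate(lines, 1)]
    parsed = [r for _, r in results if r is not None]
    rejected = [n for n, r in results if r is None]
    return parsed, rejected

if __name__ == '__main__':
    print('rejected line numbers:', check(SAMPLE)[1])
```

Running it over an export before the files land in S3 shows which lines lack the timestamp and process header that both sample lines share.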