Connect this data source on your own, using the Hunters platform.
TL;DR
Supported data types | 3rd party detection | Hunters detection | IOC search | Search | Table name | Log format | Collection method |
---|---|---|---|---|---|---|---|
pfSense Filter Logs | ✅ | ✅ | pfsense_filter_logs | Syslog | S3 |
Overview
pfSense is an open-source firewall and router software based on FreeBSD, widely used for network security and traffic management. It provides features like stateful packet filtering, VPN support, intrusion detection and prevention (IDS/IPS), and load balancing. pfSense is highly customizable and scalable, making it suitable for home networks, businesses, and enterprise environments. With an intuitive web interface, it simplifies firewall management while offering advanced security controls to protect networks from cyber threats.
Supported data types
pfSense Filter Logs
Table name: pfsense_filter_logs
The raw filter log output format generated by pfSense software for its internal filter log, and the log output transmitted over syslog to remote hosts, is a single line containing comma-separated values.
Learn more here.
Send data to Hunters
Hunters supports the ingestion of pfSense logs via an intermediary AWS S3 bucket.
To connect pfSense logs:
Export your logs from pfSense to an AWS S3 bucket by following this guide.
Once the export is complete and the logs are collected in S3, follow the steps in this section.
Expected format
Logs are expected in Syslog format.
pfSense Filter Logs
Apr 21 00:56:59 firewall filterlog[12345] 123,,,1236007123,abc1,match,block,in,4,0x0,,128,1234,0,none,17,udp,69,12.12.12.1,12.12.123.12,12364,161,49,,,,,,,,,,,
Apr 22 00:56:59 firewall filterlog[12346] 8,,,1234000103,abd1,match,block,in,4,0x0,,64,12388,0,DF,6,tcp,60,12.12.12.12,12.123.123.12,12308,1236,0,S,123445416,,12300,,abcs,abcOK,
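A parser for the filter log lines shown above, useful for checking that exported events carry the expected fields before they reach the S3 bucket. This is an added example, not code from Hunters or pfSense; the field names are assumptions based on pfSense's raw filter log layout, and the IPv6 branch goes beyond the IPv4 samples on this page.

```python
import re

# Field names are assumptions taken from pfSense's documented raw filter log
# layout; the page itself does not list them.
COMMON = ["rule", "subrule", "anchor", "tracker", "interface",
          "reason", "action", "direction", "ip_version"]
IPV4 = ["tos", "ecn", "ttl", "id", "offset", "flags", "proto_id", "proto",
        "length", "src_ip", "dst_ip"]
IPV6 = ["class", "flow_label", "hop_limit", "proto", "proto_id",
        "length", "src_ip", "dst_ip"]
PORTS = ["src_port", "dst_port", "data_length"]

# Accept "filterlog[123]: " as well as the colon-less header in the samples.
HEADER = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) "
                    r"filterlog(?:\[(?P<pid>\d+)\])?:?\s+(?P<csv>.*)$")


def parse_filterlog(line):
    """Return a dict of named fields, or None if the line is not a filter log."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    values = m.group("csv").split(",")
    if len(values) < len(COMMON):
        return None
    rec = {"timestamp": m.group("ts"), "host": m.group("host")}
    rec.update(zip(COMMON, values))
    layout = {"4": IPV4, "6": IPV6}.get(rec["ip_version"])
    if layout is None:
        return rec  # unknown IP version: keep only the common fields
    rest = values[len(COMMON):]
    rec.update(zip(layout, rest))
    if rec.get("proto", "").lower() in ("tcp", "udp"):
        rec.update(zip(PORTS, rest[len(layout):]))
        if rec["proto"].lower() == "tcp" and len(rest) > len(layout) + 3:
            rec["tcp_flags"] = rest[len(layout) + 3]
    return rec


# Sample lines copied from the page.
SAMPLES = [
    "Apr 21 00:56:59 firewall filterlog[12345] 123,,,1236007123,abc1,match,block,in,4,0x0,,128,1234,0,none,17,udp,69,12.12.12.1,12.12.123.12,12364,161,49,,,,,,,,,,,",
    "Apr 22 00:56:59 firewall filterlog[12346] 8,,,1234000103,abd1,match,block,in,4,0x0,,64,12388,0,DF,6,tcp,60,12.12.12.12,12.123.123.12,12308,1236,0,S,123445416,,12300,,abcs,abcOK,",
]

if __name__ == "__main__":
    for s in SAMPLES:
        r = parse_filterlog(s)
        print(r["action"], r["proto"], r["src_ip"], r["src_port"], "->", r["dst_ip"], r["dst_port"])
```

All values are returned as strings; a line that yields None is not a filter log entry and should be investigated before it is shipped to the bucket.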