Overview

SonicWall Firewall is a network security appliance by SonicWall that provides a range of network security capabilities.

Integrating your SonicWall logs into Hunters allows the logs to be ingested, and enables detection, advanced investigation, and correlation over them.

Supported Data Types

  • SonicWall Event Logs - Network traffic logs produced by SonicWall (see more details here).

Hunters Integration

To integrate your SonicWall logs into Hunters, the logs need to be collected from your network into a storage service (e.g. an S3 bucket or Azure Blob Storage) that is shared with Hunters.

The expected format of the logs is the key-value format as exported by SonicWall. For example:

SonicWall Event Logs Sample

<134> id=firewall sn=18C241046638 time="2022-05-05 19:00:05 UTC" fw=8.8.1.2 pri=6 c=1024 m=537 msg="Connection Closed" app=49169 appName='General DNS' n=123886264 src=10.1.2.3:4234:X2-V550 dst=8.8.8.8:53:X4:dns.google srcMac=aa:bb:cc:11:22:33 dstMac=aa:bb:cc:11:22:34 proto=udp/dns sent=71 rcvd=136 spkt=1 rpkt=1 dpi=1 cdur=32000 rule="Custom Access Rule" fw_action="NA"
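As an added example that is not part of the Hunters or SonicWall documentation, the following Python parses a line in this key-value format: it strips the syslog `<PRI>` prefix into facility and severity, handles double- and single-quoted values containing spaces, and splits the `ip:port:interface[:hostname]` compounds in `src` and `dst`. The sample line is constructed after the page's example, and the endpoint splitting assumes IPv4 addresses as shown there.

```python
import re
from typing import Dict

# Constructed sample in the shape of the page's example line (values illustrative).
SAMPLE_LINE = (
    '<134> id=firewall sn=18C241046638 time="2022-05-05 19:00:05 UTC" fw=8.8.1.2 '
    'pri=6 c=1024 m=537 msg="Connection Closed" app=49169 appName=\'General DNS\' '
    'n=123886264 src=10.1.2.3:4234:X2-V550 dst=8.8.8.8:53:X4:dns.google '
    'srcMac=aa:bb:cc:11:22:33 dstMac=aa:bb:cc:11:22:34 proto=udp/dns sent=71 '
    'rcvd=136 spkt=1 rpkt=1 dpi=1 cdur=32000 rule="Custom Access Rule" fw_action="NA"'
)

# Optional syslog <PRI> prefix, then key=value tokens whose value is
# double-quoted, single-quoted, or a bare run of non-whitespace characters.
_PRI_RE = re.compile(r"^<(\d{1,3})>\s*")
_KV_RE = re.compile(r"(\w+)=(?:\"([^\"]*)\"|'([^']*)'|(\S*))")


def split_endpoint(value: str) -> Dict[str, str]:
    """Split SonicWall's ip:port:interface[:hostname] field (IPv4 assumed)."""
    parts = value.split(":", 3)
    return dict(zip(("ip", "port", "interface", "host"), parts))


def parse_sonicwall_line(line: str) -> Dict[str, str]:
    """Return a flat dict of the line's fields, with src/dst split into parts."""
    fields: Dict[str, str] = {}
    m = _PRI_RE.match(line)
    if m:
        pri = int(m.group(1))
        fields["syslog_facility"] = str(pri // 8)  # <134> -> 16 (local0)
        fields["syslog_severity"] = str(pri % 8)   # <134> -> 6 (informational)
        line = line[m.end():]
    for key, dq, sq, bare in _KV_RE.findall(line):
        fields[key] = dq or sq or bare
    # Flatten src/dst compounds so downstream detection logic can use them directly.
    for side in ("src", "dst"):
        if side in fields:
            for part, val in split_endpoint(fields[side]).items():
                fields[f"{side}_{part}"] = val
    return fields


if __name__ == "__main__":
    for k, v in parse_sonicwall_line(SAMPLE_LINE).items():
        print(f"{k}={v}")
```

The severity decoded from `<134>` matches the `pri=6` field carried in the line itself, which is a useful consistency check when validating a collection pipeline.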