Use https://seceonhelp.freshdesk.com/support/login to access updated Knowledge Base Articles, Submit Technical Support Tickets and Review Status of submitted support tickets.

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 6 Next »

Overview

We are providing you the steps to integrate your Watchguard Firewall with Seceon SIEM so that you can have Comprehensive visibility and Proactive Threat Detection in your Environment. There will be a log transfer between your firewall to APE(Analytics and Policy Engine) via CCE (Collection and Control Engine ). In this document, we are guiding you through the steps for Log and Netflows forwarding.

Steps of Configuration

1-Connect with the system manager. 


2- Connect to the device and log

3-Go to the policy manager.

Syslog -

Go to Setup and log in.


Add for new configure -

Fill out and check the box-


After completing all check the ok button.

\

NetFlow-

Enable the NetFlow and check the box with the requirement.

VERIFICATION OF CONFIGURATION

Verification can be done either from CCE Server or from UI.

Using UI

STEP 1: Login to UI >> SYSTEM

STEP 2: >> LOGS AND FLOWS COLLECTION STATUS .

STEP 3: >>Inside SOURCE DEVICE IP, IP will reflect.

Using CCE SERVER

sudo tcpdump -i any host 514 (for logs) and 9995 (for flows) and host <IP address> -AAA” command should be ran on CCE server to check whether or not we are getting logs .

  • No labels