Integrating with WatchGuard Firebox Firewall

Overview

Blumira’s modern cloud SIEM platform integrates with WatchGuard Firebox Firewalls to detect cybersecurity threats and provide an actionable response for remediation when a threat is detected.

When configured, the Blumira integration with WatchGuard Firebox Firewalls will stream security event logs to the Blumira service for automated threat detection and actionable response.

Before you begin

This integration requires a Blumira sensor to be installed before you can complete the steps below. Ensure that you complete the steps in Building a Blumira sensor with Ubuntu before you continue.

Gather the IP address of your Blumira sensor to use when configuring the external service.

To find and copy the IP address of the sensor, do the following:

  1. In Blumira, navigate to Settings > Sensors.
  2. Click the sensor row to open the details page.
  3. In the Overview section, next to Host Details, copy the IP address.

Sending logs to Blumira

To configure WatchGuard Firebox to send log data to the Blumira sensor:

  1. Navigate to System > Logging.
  2. Click the Syslog Server tab.
  3. Select the Send log messages to these syslog servers check box.
  4. Click Add.
  5. In the IP Address box, type the server IP address of the Blumira Sensor.
  6. In the Port field, keep the default 514.
  7. From the Log Format drop-down list, select Syslog.
  8. Click OK.
  9. (Optional) In the Description text box, type a description for the server.
  10. To include the date and time that the event occurs on your Firebox in the log message details, select the The time stamp check box.
  11. Do not check the box to include the device serial number.
  12. In the Syslog Settings section, for each type of log message, select a syslog facility from the drop-down list.
    • For high-priority syslog messages, such as alarms, select Local0.
    • To assign priorities for other types of log messages (lower numbers have greater priority), select Local1 – Local7.
    • To not send details for a message type, select NONE.
  13. To restore the default settings, click Restore Defaults.
  14. Click Save.
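
One way to confirm, from raw syslog payloads captured on the sensor host, that the facility mapping chosen in step 12 and the time stamp option from step 10 took effect. This is an added example, not Blumira or WatchGuard code; the sample lines are constructed and assume the standard BSD syslog header (`<PRI>` followed by `Mmm dd hh:mm:ss`), not actual Firebox output.

```python
import re
from collections import Counter

# BSD syslog header: "<PRI>" followed by an optional "Mmm dd hh:mm:ss" time stamp.
HEADER = re.compile(r"^<(\d{1,3})>(?:([A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) )?")
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def decode(line):
    """Return (facility, severity, has_timestamp) for one raw syslog payload."""
    m = HEADER.match(line)
    if not m:
        raise ValueError("no syslog PRI header: %r" % line[:40])
    pri = int(m.group(1))
    if pri > 191:  # highest valid PRI is facility 23 (local7) * 8 + severity 7
        raise ValueError("PRI out of range: %d" % pri)
    code, severity = divmod(pri, 8)  # PRI = facility * 8 + severity
    # Facility codes 16..23 are local0..local7, the values offered in Syslog Settings.
    local = 16 <= code <= 23
    facility = "local%d" % (code - 16) if local else "facility%d" % code
    return facility, SEVERITIES[severity], m.group(2) is not None


def summarize(lines):
    """Count messages per facility; collect lines lacking a PRI or a time stamp."""
    per_facility, problems = Counter(), []
    for line in lines:
        try:
            facility, _severity, has_ts = decode(line)
        except ValueError as exc:
            problems.append(str(exc))
            continue
        per_facility[facility] += 1
        if not has_ts:
            problems.append("missing time stamp: %r" % line[:40])
    return per_facility, problems


# Constructed sample payloads (not real Firebox output), as seen on UDP port 514.
SAMPLE = [
    "<129>Mar  4 10:15:02 fw-example firewall: constructed alarm message",
    "<142>Mar  4 10:15:03 fw-example firewall: constructed traffic message",
    "<150>fw-example firewall: constructed event message without time stamp",
    "not a syslog line",
]

if __name__ == "__main__":
    counts, issues = summarize(SAMPLE)
    print(dict(counts), issues)
```

If a facility you set to NONE still shows up in the counts, or alarm messages arrive under a facility other than Local0, recheck the Syslog Settings section before relying on detections.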

Reference: Configure Syslog Server Settings