pfSense Integration Guide🔗
pfSense must be configured to send logs via Syslog to the Taegis™ XDR Collector. Logs are filtered and correlated in real-time for various security event observations.
Follow the instructions below to configure logging and enable monitoring by Secureworks® Taegis™ XDR.
Connectivity Requirements🔗
| Source | Destination | Port/Protocol |
|---|---|---|
| pfSense Firewall | XDR Collector (mgmt IP) | UDP/514 |
Data Provided from Integration🔗
| Normalized Data | Out-of-the-Box Detections | Vendor-Specific Detections | |
|---|---|---|---|
| pfSense Firewall | Netflow |
Note
XDR detectors are not guaranteed to be triggered, even if a data source's logs are normalized to a schema associated with a given detector. However, you can create Custom Alert Rules to generate alerts based on normalized data from a data source.
Configuration Instructions🔗
Within the pfSense console, navigate to Status > System Logs > Settings.
-
Configure the following for General Logging Options:
General Logging Options🔗
- Log Message Format — BSD (RFC 3164, default)
General Logging Options -
Configure the following for Remote Logging Options:
Remote Logging Options🔗
- Enable Remote Logging — Checked / selected
- Source Address — Interface / network with access to XDR Collector
- IP Protocol — IPv4
- Remote log servers — The IP address of the XDR Collector
- Remote Syslog Contents — Firewall Events
Remote Logging Options -
Select Save to save the logging options.
Your pfSense appliance is now logging to XDR.