WatchGuard Firewall Integration Guide
WatchGuard firewalls should be configured to send logs via syslog to the Taegis™ XDR Collector from the Fireware Web UI or Policy Manager. Please follow the instructions in the documentation provided by WatchGuard to add syslog servers.
Connectivity Requirements
Source | Destination | Port/Protocol |
---|---|---|
WatchGuard Firewall | XDR Collector (mgmt IP) | UDP/514 |
Data Provided from Integration
| Normalized Data | Out-of-the-Box Detections | Vendor-Specific Detections |
---|---|---|---|
WatchGuard Firewall | Auth | DNS, HTTP, Netflow | |
Note
XDR detectors are not guaranteed to be triggered, even if a data source's logs are normalized to a schema associated with a given detector. However, you can create Custom Alert Rules to generate alerts based on normalized data from a data source.
Configuration Instructions
To configure your WatchGuard firewall to send logs to Secureworks® Taegis™ XDR, follow the instructions provided by WatchGuard to add syslog servers in this article. Consider the following requirements when completing the configuration steps:
- IP Address — The IP address of the XDR Collector
- Port — 514
- Log Format — Syslog
- Include time stamp — Check to include.
- Include serial number of the device — Check to include.
- Syslog Facility — Select according to your priorities.
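Syslog over UDP/514 is unacknowledged, so a wrong facility or a missing time stamp or serial number goes unnoticed unless the datagrams are inspected. The following check is an added example, not code from Secureworks or WatchGuard: it is meant to run on a test host temporarily configured as the syslog server, and the message layout, the sample messages, and the `SERIAL-PLACEHOLDER` value are constructed assumptions.

```python
import re
import socket

# Facility names by code; the syslog PRI value is facility * 8 + severity.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3",
              "local4", "local5", "local6", "local7"]

PRI_RE = re.compile(r"^<(\d{1,3})>")
# BSD-style "Mmm dd hh:mm:ss" or an ISO 8601 date-time near the start of the message.
TS_RE = re.compile(r"[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d|\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d")


def check_datagram(data: bytes, expected_facility: str, serial: str) -> list:
    """Return a list of problems found in one received syslog datagram."""
    text = data.decode("utf-8", errors="replace")
    m = PRI_RE.match(text)
    if not m or int(m.group(1)) > 191:
        return ["missing or invalid <PRI> header"]
    problems = []
    facility = FACILITIES[int(m.group(1)) // 8]
    if facility != expected_facility:
        problems.append(f"facility is {facility}, expected {expected_facility}")
    if not TS_RE.search(text[m.end():m.end() + 80]):
        problems.append("no time stamp in header")
    if serial not in text:
        problems.append("device serial number not present")
    return problems


def listen(bind_ip: str, port: int, expected_facility: str, serial: str, count: int = 10):
    """Receive `count` datagrams on the test host and print the findings for each."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind((bind_ip, port))  # binding to port 514 usually requires elevated privileges
        for _ in range(count):
            data, (src, _) = s.recvfrom(8192)
            print(src, check_datagram(data, expected_facility, serial) or "ok")


# Constructed sample messages (not captured WatchGuard output).
GOOD = b'<142>Jan 10 12:00:00 fw01 SERIAL-PLACEHOLDER firewall: msg="example"'
BAD = b'<14>fw01 firewall: msg="example"'
```
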