Integrating Firewall Analyzer with SIEM

Firewall Analyzer integrates with SIEM tools to forward critical firewall events, access logs, audit logs, and alerts to the SIEM platform in real time as syslogs. This integration allows Firewall Analyzer to act as a centralized log monitoring solution that collects, analyzes, and forwards security event data to external SIEM platforms, enabling efficient threat detection, incident response, compliance auditing, and improved network security visibility.

Configure Firewall Analyzer — SIEM Integration

This integration allows Firewall Analyzer to forward access logs and audit module entries to a SIEM tool for improved security monitoring and correlation. Follow the steps below to set up and configure the integration.


This document covers the following:

  • Configure SIEM Integration Settings
  • Configuring Notification Templates

Configure SIEM Integration Settings

Steps to integrate Firewall Analyzer with SIEM:

  1. Go to Settings → General Settings → Integrations → SIEM.
  2. Click Configure.
  3. Enter the SIEM Application Name.
  4. Enter the Host and Port details, including:
    • Hostname / IP Address
    • Port Number
  5. Select the required log types or modules to forward to the SIEM platform (for example: traffic logs, security logs, audit logs).
  6. Accept the SIEM privacy policy.
  7. Click Save to complete the integration.

Note:

  • Logs are forwarded as syslog messages in RFC 5424 format over UDP.
  • Ensure that the third-party SIEM tool is configured to listen on the specified UDP port.

Configuring Notification Templates

Firewall Analyzer allows you to create notification templates to define how alerts are forwarded to the SIEM platform when specific events are triggered.

Follow the steps below to configure:

  1. Go to Settings → Notifications → Notification Templates.
  2. Click SIEM → SIEM (UDP/Syslog) to create a notification template.
  3. Enter the required parameters, including:
    • Template Name
    • Format
    • Severity
    • Facility
    • Description
    • Relevant Variables
  4. If you enable the Structured Message option, provide the required key-value pair inputs.
  5. To verify the configuration, click Test Action to send a sample syslog message to the configured host and port.
  6. Click Save.


Once configured, Firewall Analyzer continuously monitors firewall logs and security events. When an alert associated with a SIEM notification template is triggered, the event details are formatted according to the configured template and forwarded to the SIEM platform via UDP/syslog. This enables centralized event correlation, faster threat detection, and streamlined incident response within the external SIEM system.
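Added example (not Firewall Analyzer's own code): a Python parser for the RFC 5424 messages this integration forwards, handling the structured-data key-value pairs produced by the Structured Message option (including escaped `"`, `]` and `\` in values), plus a one-shot UDP listener that can be run on the SIEM host to confirm a Test Action message actually arrives on the configured port. The sample message, the hostnames and the SD-ID `fwa@12345` are constructed for illustration; the real field layout depends on your notification template.

```python
import re
import socket

# Constructed sample: the shape of a message Firewall Analyzer's RFC 5424/UDP
# forwarder would emit for a template with Structured Message enabled; values are made up.
SAMPLE = ('<134>1 2024-05-01T10:15:30Z fwa-host FirewallAnalyzer - ALERT '
          '[fwa@12345 src="10.0.0.5" dst="192.0.2.10" action="DENY"] Denied flow')
HEADER_RE = re.compile(
    r'^<(?P<pri>\d{1,3})>(?P<version>\d{1,2}) (?P<ts>\S+) (?P<host>\S+) '
    r'(?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+) ')
# One SD-ELEMENT: [SD-ID NAME="value" ...]; values may escape ", ] and backslash
SD_ELEMENT_RE = re.compile(
    r'\[(?P<id>[^\s\]=]+)(?P<params>(?: [^\s=\]]+="(?:[^"\\]|\\.)*")*)\]')
SD_PARAM_RE = re.compile(r'(?P<name>[^\s=\]]+)="(?P<value>(?:[^"\\]|\\.)*)"')

def unescape(value: str) -> str:
    return value.replace('\\"', '"').replace('\\]', ']').replace('\\\\', '\\')

def parse_rfc5424(line: str) -> dict:
    """Parse one RFC 5424 message; raise ValueError on anything non-conforming."""
    m = HEADER_RE.match(line)
    if not m:
        raise ValueError("not an RFC 5424 header")
    pri = int(m.group("pri"))
    if pri > 191 or m.group("version") != "1":
        raise ValueError("bad PRI or VERSION")
    rest, sd = line[m.end():], {}
    if rest.startswith("-"):            # NILVALUE: no structured data
        rest = rest[1:]
    while rest.startswith("["):         # otherwise one or more SD-ELEMENTs
        el = SD_ELEMENT_RE.match(rest)
        if not el:
            raise ValueError("malformed SD-ELEMENT")
        sd[el.group("id")] = {p.group("name"): unescape(p.group("value"))
                              for p in SD_PARAM_RE.finditer(el.group("params"))}
        rest = rest[el.end():]
    if rest and not rest.startswith(" "):
        raise ValueError("unexpected text after STRUCTURED-DATA")
    return {"facility": pri // 8, "severity": pri % 8, "timestamp": m.group("ts"),
            "hostname": m.group("host"), "appname": m.group("app"),
            "msgid": m.group("msgid"), "sd": sd, "msg": rest[1:]}

def receive_one(port: int, timeout: float = 10.0):
    """Bind the SIEM's UDP port, wait for one datagram (e.g. a Test Action), parse it."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("0.0.0.0", port)); s.settimeout(timeout)
        try:
            return parse_rfc5424(s.recvfrom(65535)[0].decode("utf-8", "replace"))
        except socket.timeout:
            return None  # nothing arrived: check the SIEM listener and path firewalls
```

Run `receive_one(<port>)` on the SIEM host before clicking Test Action; a `None` result means the datagram never reached the port, which points at the listener configuration or an intermediate firewall rather than the template.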
