Network on SolCyber Knowledgebase

Azure Firewall

Mon, 01 Jan 0001 00:00:00 +0000

Create an Azure Event Hub Namespace and Event Hub#

Azure Portal: Navigate to the Azure Portal.
Create a Namespace: Search for “Event Hubs” and create a new Event Hub namespace.
Create an Event Hub: Within the namespace, create an Event Hub (e.g., “firewall-logs”).

Configure Azure Firewall to Send Logs to Event Hub#

Azure Firewall Policy: Go to the Azure Firewall policy associated with your firewall.
Diagnostic Settings: Under “Diagnostics”, create a new diagnostic setting.

Cisco ASA

Mon, 01 Jan 0001 00:00:00 +0000

NOTE: Be sure to make a backup of your current ASA configuration before performing any changes.

Configure logging using the ASDM GUI#

Ensure logging is enabled. Visit Configuration > Features > Properties > Logging > Logging Setup. Check the Enable logging check box in order to enable syslog output.

Configure the external Syslog Server: Choose Syslog Servers under Logging and click Add in order to add a syslog server. Enter the IP of your Remote Ingestion Node (RIN), choose UDP, and enter 1514 (or another port if instructed by SolCyber) in the Add Syslog Server box and choose OK when you are done. Be sure to leave “Log messages in Cisco EMBLEM format” unchecked.

Enable Log Sending: choose Logging Filters in the logging section. This presents you with each possible logging destination and the current level of logs that are sent to those destinations. Choose Syslog Servers and click Edit.

Select Filter on Severity and Informational. Click OK.
Click Apply - this will apply the new settings. If you experience any issues with connectivity after applying the new config, revert to your backup config.

Configure Logging Using the CLI#

text

logging enable
logging host <interface_name> <sensor_ip> udp
logging permit-hostdown
logging timestamp
logging device-id hostname
no logging emblem

The <interface_name> argument specifies the interface through which you access your Remote Ingestion Node (RIN). The sensor_ip argument specifies the IP address of the RIN.

SonicWall Firewall

Mon, 01 Jan 0001 00:00:00 +0000

Pre-requisites:

Must have GMS server or On-Prem Analytics server installed and configured.

Have an Address Object Created on the Firewall for SonicWall Analytics system.

Navigate to Device > Log > Syslog
Select Syslog Servers and Click Add
Select the Name or IP address of the Syslog server from the dropdown. Enter the port provided by SolCyber.

Cisco Meraki Firewall Syslog

Mon, 01 Jan 0001 00:00:00 +0000

Go to Network-wide > Configure > General.
Click Add a syslog server to define a new server.
- Server IP: The Securonix Hub IP address.
- Port: generally, we will use udp port 1514. The SolCyber team may specify another port to use if 1514 is already in use on the Hub.
- Roles: The roles to send to the server.
Choose the type of events to export:
- Event Log: The messages from the dashboard under Monitor > Event Log.
- Flows: Inbound and outbound traffic flow-generated syslog messages that include the source, destination, and port numbers.
- URL: HTTP GET requests generating syslog entries.