SonicWALL UTM Firewall

OverviewResources

Once SonicWALL UTM is configured to deliver events to EventTracker Manager; alerts, dashboards and reports can be configured into EventTracker.

Some of the Knowledge Packs available in EventTracker are listed below. For more information, please refer Integration Guide.

Operations

Alerts

SonicWALL UTM: Bandwidth web category access blocked - This alert is generated when access to URL listed in Bandwidth web category is blocked by SonicWALL UTM.
SonicWALL UTM: Baseline web category access blocked - This alert is generated when access to URL listed in Baseline web category is blocked by SonicWALL UTM.

Reports

SonicWALL Firewall-Network access report: This report provides information related to network access which includes source IP address, source Port, destination IP address, destination port, WAN address and message field.
SonicWALL UTM-Website access allowed: This report provides information related to website access allowed which includes user name, source IP, URL category and URL name.
SonicWALL UTM-DSL activity: This report provides information related to DSL activity which includes user name, source IP and message field.
SonicWALL UTM-Application control prevention: This report provides information related to application control prevention which includes source IP and messages field.
SonicWALL UTM-Application control detection: This report provides information related to application control detection which includes source IP and messages field.
SonicWALL UTM-Interface link status: This report provides information related to interface link status which includes interface name and it's status(UP OR DOWN).
SonicWALL UTM-Connection closed dropped or terminated: This report provides information related to connection status which includes source and destination IP and ports and connection status(closed, dropped and terminated) with protocol used during connection.
SonicWALL UTM-Connection opened or established: This report provides information related to connection opened and established which includes source and destination IP, ports and interface, application used for making connection and protocol details.
SonicWALL UTM-Terminal services or SSO Agent: This report provides information related to terminal and SSO services status which includes service name (terminal or SSO) and it's status and by whom these services are enabled and disabled.
SonicWALL UTM-Multicast policy list: This reports provides information related to addition or deletion of multicast policy list in interface or VPN SPI, which includes the interface Name and VPN SPI value in which multicast policy is added or deleted.
SonicWALL UTM-System Shutdown by Administrator: This reports provides information related to system shutdown by administrator which includes user details i.e. by whom firewall is shutdown.
SonicWALL UTM-Traffic flow: This reports provides information related to traffic flow whether the connection to the traffic flow is opened or closed.
SonicWALL UTM-Administrator login status: This report is generated to give information related to administrator login that has occurred.
SonicWALL UTM-Application management: This report is generated to give information related to application activities that occurred.
SonicWALL UTM-Connection status: This report is generated to give information related to connection status.
SonicWALL UTM-DHCP lease status: This report is generated to give information related to DHCP lease status.

Security

Alerts

SonicWALL UTM: Security web category access blocked - This alert is generated when access to URL listed in Security web category is blocked by SonicWALL UTM.

Reports

SonicWALL UTM-WLAN IDS report: This report provides information related to WLAN IDS which includes source IP and message field.
SonicWALL UTM-AntiSpam service: This reports provides information related to antispam service which includes status of service and by whom it is enabled or disabled.
SonicWALL UTM-Intrusion detection: This reports provides information related to intrusion detected by SonicWALL firewall which includes source and victim details and attack name.
SonicWALL UTM-Authentication success: This report provides information related to authentication success which includes user name, source IP and messages field.
SonicWALL UTM-Anti-Spyware detected: This report provides information related to anti-spyware detected which includes Event generated time and source IP field.
SonicWALL UTM-FTP logon details: This report provides information related to FTP logon details which includes user name, source IP and message field.
SonicWALL UTM-Attacks detection: This report provides information related to attack detection which includes source IP address and messages field.
SonicWALL Firewall-access rule change: This report is generated to give information related to firewall access rule changes.
SonicWALL Firewall-IDS attacks: This report is generated to give information related to IDS attacks that occurs in the system.
SonicWALL UTM-FTP logon status: This report is generated to give information related to FTP logon status.

Compliance

Alerts

SonicWALL UTM: Productivity web category access blocked - This alert is generated when access to URL listed in Productivity web category is blocked by SonicWALL UTM.
SonicWALL UTM: Social networking web category access blocked - This alert is generated when URL listed in Social networking web category access has been blocked by SonicWALL UTM.
SonicWALL Firewall: VPN User authentication failed - This alert is generated when user authentication is failed by SonicWALL Firewall VPN.

Reports

SonicWALL UTM-User activity: This report provides information related to user activity which includes user name, source IP and message field.
SonicWALL UTM-Admin login failed: This report provides information related to admin login failure which includes user name, source IP and message field.
SonicWALL UTM-Authentication failed: This report provides information related to authentication failure which includes user name, source IP and messages field.
SonicWALL UTM-Website access denied: This reports provides information related to websites whose access are denied which includes source and destination IP, port and interface and URL and it's category.
SonicWALL Firewall-VPN User authentication failed: This report provides information related to user authentication failure which includes source address and port, destination address and Port, additional information and reason for failure.
SonicWALL Firewall-VPN User authentication success: This report provides information related to user authentication success which includes source address and port, destination address and port, additional information and reason for success.
SonicWALL Firewall-VPN activity: This report provides information related to VPN activity that contains VPN Client, VPN IPsec, VPN IKE, and VPN PKI which includes source address and port, destination address and port, additional information and message.
SonicWALL Firewall-VPN IPsec tunnel status changed: This report provides information related to IPsec tunnel status changed to up or down which includes source range, destination range, gateway, reason, status and VPN details.
SonicWALL UTM-User admin login status: This report is generated to give information related to user admin login status.
SonicWALL UTM-User authentication status: This report is generated to give information related to user authentication status.
SonicWALL UTM-Website access status: This report is generated to given information related to website access status.

Scope

The configurations detailed in this guide are consistent with EventTracker Enterprise version 7.X and later,SonicWALL UTM SonicOS 5.8 and later.

Documentation:

To configure Sonicwall UTM to send logs to EventTracker, refer the How to Guide.

For more information please refer the Integration guide

Solutions

Capabilities

Industries

Knowledge Center

Support

SonicWALL UTM Firewall

Overview

SonicWALL UTM Logging

Alerts

Reports

Alerts

Reports

Alerts

Reports

Scope

Documentation: