articles/sentinel/data-connectors/sonicwall-firewall.md
4 additions & 3 deletions
@@ -11,6 +11,7 @@ ms.author: cwatson
11
11
# SonicWall Firewall connector for Microsoft Sentinel
12
12
13
13
Common Event Format (CEF) is an industry standard format on top of Syslog messages, used by SonicWall to allow event interoperability among different platforms. By connecting your CEF logs to Microsoft Sentinel, you can take advantage of search & correlation, alerting, and threat intelligence enrichment for each log.
14
+
This is autogenerated content. For changes, contact the solution provider.
14
15
15
16
## Connector attributes
16
17
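Review bot: The notice added at new line 14 follows the CEF paragraph on line 13 with no blank line between them as shown, so Markdown will render "This is autogenerated content. For changes, contact the solution provider." as the tail of that paragraph rather than as its own notice. Put a blank line before it if it is meant to stand alone. Since the notice says the file is autogenerated, the punctuation fixes elsewhere in this commit should also be made in the generator's source, or they may be lost on the next regeneration.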
@@ -53,7 +54,7 @@ CommonSecurityLog
53
54
Install and configure the Linux agent to collect your Common Event Format (CEF) Syslog messages and forward them to Microsoft Sentinel.
54
55
55
56
Notice that the data from all regions will be stored in the selected workspace
56
-
1.1 Select or create a Linux machine
57
+
1.1 Select or create a Linux machine.
57
58
58
59
Select or create a Linux machine that Microsoft Sentinel will use as the proxy between your security solution and Microsoft Sentinel this machine can be on your on-prem environment, Azure or other clouds.
59
60
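Review bot: The trailing period added to the step title "1.1 Select or create a Linux machine." at new line 57 is inconsistent with the other step titles visible in this diff, "3. Validate connection" and "4. Secure your machine", which have none. Either drop the period or apply it to every step title. The context lines in the same hunk still need punctuation: line 55/56 ("Notice that the data from all regions will be stored in the selected workspace") has no final period, and line 58/59 runs two sentences together at "Microsoft Sentinel this machine can be on your on-prem environment".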
@@ -71,7 +72,7 @@ Install the Microsoft Monitoring Agent on your Linux machine and configure the m
71
72
72
73
Set your SonicWall Firewall to send Syslog messages in CEF format to the proxy machine. Make sure you send the logs to port 514 TCP on the machine's IP address.
73
74
74
-
Follow Instructions. Then Make sure you select local use 4 as the facility. Then select ArcSight as the Syslog format.
75
+
Follow Instructions. Then Make sure you select local use 4 as the facility. Then select ArcSight as the Syslog format.
75
76
76
77
3. Validate connection
77
78
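Review bot: The removed and added lines at 74/75 read identically here, so this looks like a whitespace-only change, and the wording problems on that line are left in place: "Then Make sure" has a stray capital, and "Follow Instructions." does not say which instructions. Suggest rewriting it in the same edit, for example "Follow the instructions, select local use 4 as the facility, then select ArcSight as the Syslog format."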
@@ -90,7 +91,7 @@ If the logs are not received, run the following connectivity validation script:
90
91
91
92
4. Secure your machine
92
93
93
-
Make sure to configure the machine's security according to your organization's security policy
94
+
Make sure to configure the machine's security according to your organization's security policy.
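Review bot: The sentence at new line 94 under "4. Secure your machine" gains a period but remains the only hardening guidance on the page, and it names no concrete control. The context at line 72/73 has the proxy machine accepting Syslog on port 514 TCP, so it would help to say at least that inbound access to that port should be limited to the firewall's address, alongside the pointer to organizational policy.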