©threatER 2024
Threat Risk Assessment
Before proceeding, please be sure you can obtain your firewall logs or know who from your organization is able to do this.
If you have any questions, please email threatassessments@threater.com.
Be Prepared to Provide
Please download a firewall connection log with the following fields included:
- Source IP
- Destination IP
- Allowed/Denied status
- Timestamp
If you are unable to pull a file with these fields included, we can utilize the data from a syslog server. Please reach out to: threatassessments@threater.com and we will provide further instructions on this.
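Before uploading, it is worth confirming that the exported file actually carries the four fields listed above. The following Python check is an added example, not threatER's own tooling: it maps common vendor column names to the four required fields (the alias list is an assumption, extend it for your vendor), reports any that are missing, and tallies allowed versus denied rows and unparseable timestamps on a small constructed sample export.

```python
import csv
import io
from datetime import datetime

# Required fields from the checklist above, keyed to header aliases commonly
# seen in firewall CSV exports. The aliases are assumptions for this example,
# not a vendor specification; add your own vendor's column names as needed.
REQUIRED = {
    "source_ip": ("src", "srcip", "source ip", "source_ip", "src_ip"),
    "destination_ip": ("dst", "dstip", "destination ip", "destination_ip", "dst_ip"),
    "action": ("action", "status", "allowed/denied", "disposition"),
    "timestamp": ("timestamp", "receive_time", "time", "date", "event_time"),
}
DENY_WORDS = ("deny", "denied", "drop", "block", "blocked", "reject")

def map_headers(headers):
    """Map each required field to the matching export column, or None."""
    lowered = {h.strip().lower(): h for h in headers}
    return {field: next((lowered[a] for a in aliases if a in lowered), None)
            for field, aliases in REQUIRED.items()}

def check_export(text):
    """Validate a firewall CSV export and summarize it.
    Returns missing required fields, row count, allowed/denied counts and the
    number of rows whose timestamp is not ISO 8601 (adjust for your vendor)."""
    reader = csv.DictReader(io.StringIO(text))
    cols = map_headers(reader.fieldnames or [])
    missing = [f for f, c in cols.items() if c is None]
    result = {"missing": missing, "rows": 0, "allowed": 0, "denied": 0, "bad_timestamps": 0}
    if missing:
        return result  # nothing to summarize without the required columns
    for row in reader:
        result["rows"] += 1
        action = (row[cols["action"]] or "").strip().lower()
        result["denied" if any(w in action for w in DENY_WORDS) else "allowed"] += 1
        try:
            datetime.fromisoformat(row[cols["timestamp"]].strip())
        except ValueError:
            result["bad_timestamps"] += 1
    return result

# Constructed sample export (not real traffic) carrying the four required fields.
SAMPLE = """receive_time,src,dst,action,bytes
2024-05-01T10:00:00,10.0.0.5,198.51.100.20,allow,512
2024-05-01T10:00:03,10.0.0.7,203.0.113.9,deny,0
2024-05-01T10:00:07,10.0.0.5,198.51.100.20,allow,1024
"""

if __name__ == "__main__":
    print(check_export(SAMPLE))
```

If `missing` is non-empty, re-export with those columns enabled (or use the syslog route described above) rather than uploading an incomplete file.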
Threat Risk Assessment - Log Upload
INFORMATION BEFORE YOU BEGIN YOUR UPLOAD:
Ensure you can obtain your firewall logs, or know who in your organization can.
Date range: Your provided logs can be for any range of time, but the longer the period of time, the more analysis we can provide.
File format: This file can be in the firewall vendor’s default format.
Firewall Providers
Palo Alto Networks
Step 1:
- Set the number of rows to display in the report.
- Select Device > Setup > Management, then edit the Logging and Reporting Settings.
- Click the Log Export and Reporting tab.
- Edit the number of Max Rows in CSV Export (up to 1048576 rows).
- Click OK.
Step 2:
- Download the log.
- Click Export to CSV. A progress bar showing the status of the download appears.
- When the download is complete, click Download file to save a copy of the log to your local folder. For descriptions of the column headers in a downloaded log, refer to Syslog Field Descriptions.
Fortinet
- Log View -> FortiGate -> Traffic
- All FortiGate
- Set to 7 days
- In the top right, click the wrench and select ‘Download’
- In the format dropdown select ‘Text’
- Compress with gzip (if necessary)
- Select ‘All Pages’
- Download
Cisco
- This requires a syslog upload. Please contact us at threatassessments@threater.com to schedule a time to talk.
Sophos
- To use WinSCP, follow the steps on the Basic Tasks page.
- To use the PSCP utility on your Windows device, download it here.
- Open Command Prompt and navigate to the directory where the PSCP client is stored and use the following command to copy the log file from the Sophos Firewall to your local Windows device.
  pscp -scp admin@:/log/
- After running the command, the system will prompt for the admin password for the Sophos Firewall. If the password is correct, it will copy the file and save it to the requested location.
Watchguard
- Select the device or folder.
- From the list of reports, select Logs > Log Manager. Log messages for the selected device or devices are shown, with traffic log messages shown by default.
- From the Actions drop-down list, select Export logs (.CSV).
- If the file does not download automatically, select to open or save the file.
SonicWall
- Navigate to Investigate option at the top of the page.
- Navigate to Logs | Connection Logs; all active connections to the SonicWall security appliance will be displayed.
- You can export all filtered results to a file for further analysis.
- Click the Export Results button on the Connections Monitor page. The results can be exported to a plain text file or a comma-separated value (CSV) file.
Check Point
- Check Point Log Exporter is an easy and secure method to export Check Point logs over the syslog protocol from a Management Server / Log Server.
- You can configure the Log Exporter settings in SmartConsole or with CLI commands.
- You can configure advanced settings in various configuration files.
pfSense
- Please contact us at threatassessments@threater.com to schedule a time to talk.
Other
- Please contact us at threatassessments@threater.com to schedule a time to talk.