Threat Risk Assessment
Firewall Log Upload Directions

Thank you for choosing to run a Threat Risk Assessment with Threater. In order to complete your assessment, we will need to perform an analysis of your firewall logs.

Before proceeding, please be sure you can obtain your firewall logs or know who from your organization is able to do this.

If you have any questions, please email threatassessments@threater.com.

Be Prepared to Provide

Please download a firewall connection log with the following fields included:

Source IP
Destination IP
Allowed/Denied status
Timestamp

If you are unable to pull a file with these fields included, we can utilize the data from a syslog server. Please reach out to: threatassessments@threater.com and we will provide further instructions on this.

Upload Instructions

Please choose your firewall provider below for instructions on how to download your firewall logs.

*If you are uploading through SysLogs, please contact us here to schedule a time to talk.

**If you are uploading a file size over 256MB, please upload directly to Dropbox here.

Threat Risk Assessment - Log Upload

INFORMATION BEFORE YOU BEGIN YOUR UPLOAD:

Ensure you can obtain your firewall logs/or know from your organization who can

Date range: Your provided logs can be for any range of time, but the longer the period of time, the more analysis we can provide.

File format: This file can be in the firewall vendor’s default format.

Firewall Providers

Palo Alto Networks

Step 1:

Set the number of rows to display in the report.
Select DeviceSetupManagement, then edit the Logging and Reporting Settings.
Click the Log Export and Reporting tab.
Edit the number of Max Rows in CSV Export (up to 1048576 rows).
Click OK.

Step 2:

Download the log.
Click Export to CSV. A progress bar showing the status of the download appears.
When the download is complete, click Download file to save a copy of the log to your local folder. For descriptions of the column headers in a downloaded log, refer to Syslog Field Descriptions.

Fortinet

Log View -> Fortigate -> Traffic
All Forigate
Set to 7 days
In the top right, click the wrench and select ‘Download’
In the format dropdown select ‘Text’
Compress with gzip (if necessary)
Select ‘All Pages’
Download

Cisco

This requires a syslog upload. Please contact us here to schedule a time to talk.

Sophos

To use WinSCP, follow the steps on the Basic Tasks page.
To use the PSCP utility on your Windows device, download it here.
Open Command Prompt and navigate to the directory where the PSCP client is stored and use the following command to copy the log file from the Sophos Firewall to your local Windows device.
```
pscp -scp admin@:/log/
```
After running the command, the system will prompt for the admin password for the Sophos Firewall. If the password is correct, it will copy the file and save it to the requested location.

Watchguard

Select the device or folder.
From the list of reports, select Logs > Log Manager.
Log messages for the selected device or devices show, with traffic log messages shown by default.
From the Actions drop-down list, select Export logs (.CSV).
If the file does not download automatically, select to open or save the file.

SonicWall

Navigate to Investigate option at the top of the page.
Navigate to Logs | Connection Logs; all active connections to the SonicWall security appliance will be displayed.
You can export all filtered result to a file for further analysis
Click Export Results button at page Connections Monitor. The result can be exported to a plain text file, or a comma-separated-value (CSV) file.

Checkpoint

Check Point Log Exporter is an easy and secure method to export Check Point logs over the syslog protocol from a Management Server / Log Server.
You can configure the Log Exporter settings in SmartConsole or with CLI commands.
You can configure advanced settings in various configuration files.

pfSense

Please contact us here to schedule a time to talk.

Other

Please contact us here to schedule a time to talk.

Threat Risk AssessmentFirewall Log Upload Directions