Threat Risk Assessment
Be Prepared to Provide
Please download a firewall connection log with the following fields included:
- Source IP
- Destination IP
- Allowed/Denied status
If you are unable to pull a file with these fields included, we can utilize the data from a syslog server. Please reach out to: firstname.lastname@example.org and we will provide further instructions on this.
Threat Risk Assessment - Log Upload
Ensure you can obtain your firewall logs, or know who in your organization can.
Date range: The logs you provide can cover any range of time, but the longer the period, the more analysis we can provide.
File format: This file can be in the firewall vendor’s default format.
- Set the number of rows to display in the report.
- Select Device > Setup > Management, then edit the Logging and Reporting Settings.
- Click the Log Export and Reporting tab.
- Edit the number of Max Rows in CSV Export (up to 1048576 rows).
- Click OK.
- Download the log.
- Click Export to CSV. A progress bar showing the status of the download appears.
- When the download is complete, click Download file to save a copy of the log to your local folder. For descriptions of the column headers in a downloaded log, refer to Syslog Field Descriptions.
- Log View -> Fortigate -> Traffic
- All Fortigate
- Set to 7 days
- In the top right, click the wrench and select ‘Download’
- In the format dropdown select ‘Text’
- Compress with gzip (if necessary)
- Select ‘All Pages’
- To use WinSCP, follow the steps on the Basic Tasks page.
- To use the PSCP utility on your Windows device, download it here.
- Open Command Prompt and navigate to the directory where the PSCP client is stored and use the following command to copy the log file from the Sophos Firewall to your local Windows device.
pscp -scp admin@:/log/
- After running the command, the system will prompt for the admin password for the Sophos Firewall. If the password is correct, it will copy the file and save it to the requested location.
- Select the device or folder.
- From the list of reports, select Logs > Log Manager.
Log messages for the selected device or devices show, with traffic log messages shown by default.
- From the Actions drop-down list, select Export logs (.CSV).
- If the file does not download automatically, select to open or save the file.
- Navigate to the Investigate option at the top of the page.
- Navigate to Logs | Connection Logs; all active connections to the SonicWall security appliance will be displayed.
- You can export all filtered results to a file for further analysis.
- Click the Export Results button on the Connections Monitor page. The results can be exported to a plain text file or a comma-separated-value (CSV) file.
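Before uploading, you can confirm that a CSV export actually contains the three requested fields and was not cut off at the row limit. The script below is an added example, not part of the original instructions or any vendor tool; the header spellings in ALIASES and the sample rows are assumptions, and it covers CSV exports only, not text-format downloads.

```python
import csv
import io
import ipaddress
from collections import Counter

# Assumed header spellings; vendor exports differ, so extend these sets as needed.
ALIASES = {
    "src": {"source ip", "source address", "srcip", "src"},
    "dst": {"destination ip", "destination address", "dstip", "dst"},
    "action": {"action", "status", "allowed/denied"},
}
CSV_ROW_CAP = 1048576  # largest "Max Rows in CSV Export" value named on this page


def check_export(handle, row_cap=CSV_ROW_CAP):
    """Return a report dict for a CSV firewall export read from a text handle."""
    reader = csv.DictReader(handle)
    headers = {(h or "").strip().lower(): h for h in (reader.fieldnames or [])}
    # Map each required field to the first matching column in this file.
    cols = {field: next((headers[n] for n in names if n in headers), None)
            for field, names in ALIASES.items()}
    report = {"missing": sorted(f for f, c in cols.items() if c is None),
              "rows": 0, "bad_ip_rows": 0, "actions": Counter(),
              "maybe_truncated": False}
    if report["missing"]:
        return report  # the export cannot be analysed without all three fields
    for row in reader:
        report["rows"] += 1
        try:
            ipaddress.ip_address((row[cols["src"]] or "").strip())
            ipaddress.ip_address((row[cols["dst"]] or "").strip())
        except ValueError:
            report["bad_ip_rows"] += 1
        report["actions"][(row[cols["action"]] or "").strip().lower()] += 1
    # A row count at the cap (allowing for the header row) suggests a cut-off export.
    report["maybe_truncated"] = report["rows"] >= row_cap - 1
    return report


# Constructed sample export using documentation-range addresses, not real log data.
SAMPLE = """Source address,Destination address,Action
192.0.2.10,198.51.100.7,allow
192.0.2.11,203.0.113.9,deny
not-an-ip,198.51.100.7,allow
"""

if __name__ == "__main__":
    print(check_export(io.StringIO(SAMPLE)))
```

If "missing" is not empty or "maybe_truncated" is true, re-export with the extra columns enabled or a shorter date range per file before sending the log.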