Threat Risk Assessment
Firewall Log Upload Directions

Thank you for choosing to run a Threat Risk Assessment with Threater. In order to complete your assessment, we will need to perform an analysis of your firewall logs.

Be Prepared to Provide

Please download a firewall connection log with the following fields included:

  • Source IP
  • Destination IP
  • Allowed/Denied status
  • Timestamp

If you are unable to pull a file with these fields included, we can use data from a syslog server instead. Please reach out to threatassessments@threater.com and we will provide further instructions.

Upload Instructions

Please choose your firewall provider below for instructions on how to download your firewall logs.

*If you are uploading through syslog, please contact us here to schedule a time to talk.

**If you are uploading a file larger than 256MB, please upload directly to Dropbox here.

INFORMATION BEFORE YOU BEGIN YOUR UPLOAD:

Ensure you can obtain your firewall logs, or know who in your organization can.

Date range: Your provided logs can be for any range of time, but the longer the period of time, the more analysis we can provide.

File format: This file can be in the firewall vendor’s default format.
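A pre-upload check for a CSV export, added here as an illustration and not part of Threater's tooling: it confirms the four required fields are present, summarizes the date range and allowed/denied counts, and picks the upload path by the 256MB limit. The header aliases, the timestamp format, and reading 256MB as 256 MiB are assumptions; adjust them to your vendor's export.

```python
import csv
import io
from datetime import datetime

# Assumed header aliases; real column names vary by vendor and export settings.
ALIASES = {
    "source_ip": {"source ip", "src", "srcip", "source address"},
    "destination_ip": {"destination ip", "dst", "dstip", "destination address"},
    "status": {"action", "status", "allowed/denied"},
    "timestamp": {"timestamp", "time", "receive time", "date"},
}
SIZE_LIMIT = 256 * 1024 * 1024  # the page's 256MB threshold, read as MiB (assumption)


def preflight(text, size_bytes, time_format="%Y/%m/%d %H:%M:%S"):
    """Check a CSV export for the four required fields and summarize its coverage."""
    reader = csv.DictReader(io.StringIO(text))
    headers = {h.strip().lower(): h for h in (reader.fieldnames or [])}
    mapping = {f: next((headers[n] for n in names if n in headers), None)
               for f, names in ALIASES.items()}
    missing = sorted(f for f, col in mapping.items() if col is None)
    report = {"missing": missing, "rows": 0, "first": None, "last": None,
              "statuses": {}, "bad_timestamps": 0,
              "upload_via": "dropbox" if size_bytes > SIZE_LIMIT else "form"}
    if missing:
        return report  # a required field is absent; fall back to the syslog route
    for row in reader:
        report["rows"] += 1
        status = (row[mapping["status"]] or "").strip().lower()
        report["statuses"][status] = report["statuses"].get(status, 0) + 1
        try:
            ts = datetime.strptime((row[mapping["timestamp"]] or "").strip(), time_format)
        except ValueError:
            report["bad_timestamps"] += 1  # count it, keep scanning
            continue
        report["first"] = ts if report["first"] is None else min(report["first"], ts)
        report["last"] = ts if report["last"] is None else max(report["last"], ts)
    return report


# Constructed sample export (documentation-range addresses), not real log data.
SAMPLE = """Receive Time,Source address,Destination address,Action
2024/01/01 08:00:00,192.0.2.10,198.51.100.7,allow
2024/01/03 09:30:00,192.0.2.11,203.0.113.5,deny
2024/01/08 08:00:00,192.0.2.10,198.51.100.7,allow
"""

if __name__ == "__main__":
    print(preflight(SAMPLE, size_bytes=len(SAMPLE.encode())))
```

For a real export, pass the file's text and `os.path.getsize(path)`; a non-empty `missing` list means the file lacks a required field.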

Firewall Providers

Palo Alto Networks

Step 1:

  • Set the number of rows to display in the report.
  • Select Device > Setup > Management, then edit the Logging and Reporting Settings.
  • Click the Log Export and Reporting tab.
  • Edit the number of Max Rows in CSV Export (up to 1048576 rows).
  • Click OK.

Step 2:

  • Download the log.
  • Click Export to CSV. A progress bar showing the status of the download appears.
  • When the download is complete, click Download file to save a copy of the log to your local folder. For descriptions of the column headers in a downloaded log, refer to Syslog Field Descriptions.

Fortinet

  • Log View -> Fortigate -> Traffic
  • All Fortigate
  • Set to 7 days
  • In the top right, click the wrench and select ‘Download’
  • In the format dropdown select ‘Text’
  • Compress with gzip (if necessary)
  • Select ‘All Pages’
  • Download

Cisco

  • This requires a syslog upload. Please contact us here to schedule a time to talk.

Sophos

  • To use WinSCP, follow the steps on the Basic Tasks page.
  • To use the PSCP utility on your Windows device, download it here.
  • Open Command Prompt and navigate to the directory where the PSCP client is stored and use the following command to copy the log file from the Sophos Firewall to your local Windows device.
  • pscp -scp admin@:/log/
  • After running the command, the system will prompt for the admin password for the Sophos Firewall. If the password is correct, it will copy the file and save it to the requested location.

WatchGuard

  • Select the device or folder.
  • From the list of reports, select Logs > Log Manager.
    Log messages for the selected device or devices show, with traffic log messages shown by default.
  • From the Actions drop-down list, select Export logs (.CSV).
  • If the file does not download automatically, select to open or save the file.

SonicWall

  • Navigate to the Investigate option at the top of the page.
  • Navigate to Logs | Connection Logs; all active connections to the SonicWall security appliance will be displayed.
  • You can export all filtered results to a file for further analysis.
  • Click the Export Results button on the Connections Monitor page. The result can be exported to a plain text file or a comma-separated-value (CSV) file.

Check Point

  • Check Point Log Exporter is an easy and secure method to export Check Point logs over the syslog protocol from a Management Server / Log Server.
  • You can configure the Log Exporter settings in SmartConsole or with CLI commands.
  • You can configure advanced settings in various configuration files.

pfSense

  • Please contact us here to schedule a time to talk.

Other

  • Please contact us here to schedule a time to talk.