Configure Forcepoint NGFW to send logs to Arctic Wolf

You can configure Forcepoint Next-Generation Firewall (NGFW)® to send the necessary logs to Arctic Wolf® for security monitoring.

These resources are required:

An activated Arctic Wolf Sensor or Virtual Log Collector (vLC)
An account with access to the Forcepoint Stonesoft Management Center (SMC) and Forcepoint NGFW Engines

Configure Forcepoint NGFW security monitoring

Sign in to your Forcepoint SMC.
Click Home.
Click Others > Log Server.
Right-click the log server that you want to forward logs from, and then select Properties.
Click the Log Forwarding tab.
Click Add.
Double-click the Target Host field, and then select the Arctic Wolf Sensor to forward the logs to.
Click Add, and then configure these settings:
- Target Host — Select the Arctic Wolf Sensor.
- Format — Select CEF.
- Any other fields that you want to configure.
  Tip: For more information, see Forcepoint NGFW log forwarding documentation.
Click OK.

Sign in to the Arctic Wolf Unified Portal.
In the navigation menu, click Tickets & Alerts > All Tickets.
Perform the appropriate action, depending on if you are:
- A new customer — In the Ticket Type list, select Onboarding. Then, click the existing [Deploy] Site Config: <ticket_subject> ticket.
- An existing customer — Click Open a New Ticket.
On the Open a New Ticket page, configure these settings:
- What is this ticket related to? — Select General request.
- Subject — Enter Syslog changes.
- Related ticket (optional) — Keep empty.
- Message — Enter this information for your Concierge Security® Team (CST):
  - Confirmation that you completed the steps in this configuration guide.
  - The IP address or hostname of the Arctic Wolf Sensor that you used during the configuration.
  - The IP address, timezone, and device type for all sources that you are forwarding.
  - Questions or comments that you have.
Click Send Message.

Your CST reviews the details to make sure that Arctic Wolf is successfully processing the logs.