Forcepoint NGFW Logs
Updated Aug 31, 2023Configure Forcepoint NGFW to send logs to Arctic Wolf
You can configure your Forcepoint Next-Generation Firewall® (NGFW) to send the necessary logs to Arctic Wolf for monitoring security information.
Requirements
- Activated Arctic Wolf Sensor
Steps
Step 1: Configure Forcepoint NGFW security monitoring
You must use an account with access to the Forcepoint Stonesoft Management Center (SMC) and Forcepoint NGFW Engines to perform this configuration.
- Sign in to your Forcepoint SMC and then select Home.
- Select Others > Log Server.
- Right-click on the log server that you want to forward logs from and select Properties.
- Select the Log Forwarding tab, and then click Add to create a new rule.
- Double-click the Target Host field and then select the Arctic Wolf Sensor where you will forward the logs to.
- Click Add to add a new rule.
- Configure these log forwarding values:
-
Target Host — Select the Arctic Wolf Sensor.
-
Format — Select CEF to forward log data in the common event format.
-
Remaining required fields — Set values according to your preferences.
Tip: See the Forcepoint NGFW log forwarding documentation for more information about log forwarding rule options.
-
- Click OK to save the rule.
Step 2: Provide configuration details to Arctic Wolf
- Visit the Arctic Wolf Portal and select Contact your CST.
- Include the following information in the message for your Concierge Security® Team (CST):
- Confirmation that you have completed the steps in this configuration guide.
- The IP address and/or hostname of the Forcepoint NGFW.
- Any other questions or comments that you have.
- Select Send. Your CST will review the details and confirm that we are successfully processing the logs from your Forcepoint NGFW device.