Forcepoint NGFW Logs

Updated Aug 31, 2023

Configure Forcepoint NGFW to send logs to Arctic Wolf

You can configure your Forcepoint Next-Generation Firewall® (NGFW) to send the necessary logs to Arctic Wolf for monitoring security information.

Requirements

Steps

  1. Configure Forcepoint NGFW security monitoring.
  2. Provide configuration details to Arctic Wolf.

Step 1: Configure Forcepoint NGFW security monitoring

You must use an account with access to the Forcepoint Stonesoft Management Center (SMC) and Forcepoint NGFW Engines to perform this configuration.

  1. Sign in to your Forcepoint SMC and then select Home.
  2. Select Others > Log Server.
  3. Right-click on the log server that you want to forward logs from and select Properties.
  4. Select the Log Forwarding tab, and then click Add to create a new rule.
  5. Double-click the Target Host field and then select the Arctic Wolf Sensor that you want to forward the logs to.
  6. Click Add to add a new rule.
  7. Configure these log forwarding values:
    1. Target Host — Select the Arctic Wolf Sensor.

    2. Format — Select CEF to forward log data in Common Event Format (CEF).

    3. Remaining required fields — Set values according to your preferences.

      Tip: See the Forcepoint NGFW log forwarding documentation for more information about log forwarding rule options.

  8. Click OK to save the rule.
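To confirm that the rule's Format setting took effect, you can check a line captured from the forwarded stream against the CEF layout. The following is an added example, not code from Arctic Wolf or Forcepoint; it assumes the standard CEF structure (seven pipe-delimited header fields followed by key=value extension pairs), and the sample lines, vendor and product names are constructed placeholders.

```python
import re

HEADER = ("version", "device_vendor", "device_product", "device_version",
          "event_class_id", "name", "severity")
EXT_KEY = re.compile(r"(?<!\S)(\w+)=")  # "key=" at start or after whitespace

def split_header(body):
    """Split on unescaped '|' into the 7 header fields and the extension."""
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < 7:
        if body[i] == "\\" and body[i + 1:i + 2] in ("|", "\\"):
            i += 1  # \| and \\ stand for a literal character
            cur.append(body[i])
        elif body[i] == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(body[i])
        i += 1
    if len(fields) != 7:
        raise ValueError("truncated CEF header")
    return fields, body[i:]

def unescape(value):
    return re.sub(r"\\([=\\nr])", lambda m: {"n": "\n", "r": "\r"}.get(m[1], m[1]), value)

def parse_cef(line):
    start = line.find("CEF:")  # skip any syslog prefix before the marker
    if start < 0:
        raise ValueError("no CEF marker; check the rule's Format field")
    fields, ext = split_header(line[start + 4:])
    event = dict(zip(HEADER, fields))
    keys = list(EXT_KEY.finditer(ext))
    ends = [k.start() for k in keys[1:]] + [len(ext)]
    event["extension"] = {k[1]: unescape(ext[k.end():end].strip())
                          for k, end in zip(keys, ends)}
    return event

# Constructed sample lines (placeholder vendor/product, documentation IPs).
CEF_LINE = r"<14>Aug 31 12:00:00 logsrv CEF:0|ExampleVendor|Example\|FW|1.0|100|Allowed|3|src=192.0.2.10 dst=198.51.100.7 msg=rule\=42 matched"
PLAIN_LINE = "<14>Aug 31 12:00:00 logsrv allowed src=192.0.2.10 dst=198.51.100.7"

if __name__ == "__main__":
    for line in (CEF_LINE, PLAIN_LINE):
        try:
            print("CEF ok:", parse_cef(line))
        except ValueError as err:
            print("rejected:", err)
```

A line that is rejected with "no CEF marker" indicates that the forwarding rule is using a format other than CEF.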

Step 2: Provide configuration details to Arctic Wolf

  1. Visit the Arctic Wolf Portal and select Contact your CST.
  2. Include the following information in the message for your Concierge Security® Team (CST):
    • Confirmation that you have completed the steps in this configuration guide.
    • The IP address and/or hostname of the Forcepoint NGFW.
    • Any other questions or comments that you have.
  3. Select Send. Your CST will review the details and confirm that we are successfully processing the logs from your Forcepoint NGFW device.