Cyber Chasse - Firewall Logs Analytics

Zyxel ZyWALL Firewall Logs Analytics Using Splunk

In today’s computing era a firewall is mandatory for any network security system: it restricts unauthorized access to or from a private network by monitoring and limiting incoming and outgoing traffic according to predetermined security rules.

This firewall generates logs under several categories such as traffic logs, system monitoring, DHCP logs, control logs, security policy and many more, so having one place that brings all of them together gives a quick overview of the network environment.

The idea is to analyze these logs in Splunk to obtain insights into network activity and the threats associated with it.

Visualizations built in Splunk are categorized as follows:

• Firewall Device Info

• Network Traffic

• Data Usage

• Security Breach Attempts

Firewall Device Info:

It offers information about the firewall hardware devices installed in the company environment.


Network Traffic:

It represents daily or weekly data consumption through the available network, i.e. outgoing and incoming traffic.


Data Usage:

It represents the outgoing/incoming data usage of all the devices connected to the company network.

The traffic logs record data consumption per MAC address, so a lookup mapping each MAC and IP address to the device’s owner is needed to turn the log entries into an actual list of devices.


Security Breach Attempts:

As the panel names suggest, this view provides insight into repeated login attempts from outside networks into our network. It also shows the IP addresses that the firewall has restricted. With this information it is possible to track brute-force attacks and block those attackers as well.


Alerts configured in Splunk are categorized as follows:

Splunk generates alerts according to the configured triggering conditions, which are based on the firewall logs.

• Device-based usage limit breach

• Overall data usage limit breach
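The MAC-to-owner lookup described under Data Usage and the two usage-limit alerts above, worked through in Python as an added example (not the post's own Splunk searches). The log lines and the lookup table are constructed, and the simplified key=value layout is an assumption rather than Zyxel's real log format; the logic mirrors what a Splunk lookup join followed by a threshold alert does.

```python
import re
from collections import defaultdict

# Constructed, simplified traffic-log lines; field names are assumptions, not Zyxel's format.
SAMPLE_LOGS = """\
2024-05-01T10:00:01 cat=traffic mac=aa:bb:cc:00:00:01 src=10.0.0.11 sent=120000000 rcvd=880000000
2024-05-01T10:05:07 cat=traffic mac=aa:bb:cc:00:00:02 src=10.0.0.12 sent=5000000 rcvd=45000000
2024-05-01T10:07:19 cat=traffic mac=aa:bb:cc:00:00:01 src=10.0.0.11 sent=30000000 rcvd=400000000
2024-05-01T10:09:42 cat=traffic mac=aa:bb:cc:00:00:03 src=10.0.0.13 sent=1000000 rcvd=9000000
2024-05-01T10:11:03 cat=system msg=dhcp-lease mac=aa:bb:cc:00:00:02 ip=10.0.0.12
"""

# Constructed lookup table standing in for the Splunk lookup: MAC -> (IP, owner).
DEVICE_LOOKUP = {
    "aa:bb:cc:00:00:01": ("10.0.0.11", "alice-laptop"),
    "aa:bb:cc:00:00:02": ("10.0.0.12", "bob-phone"),
}

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_traffic(lines):
    """Yield a field dict for every traffic-category line; other categories are skipped."""
    for line in lines.splitlines():
        fields = dict(KV_RE.findall(line))
        if fields.get("cat") == "traffic":
            yield fields


def usage_by_device(lines):
    """Sum sent+rcvd bytes per MAC and join against the lookup.

    A MAC missing from the lookup is kept and labelled, so a device nobody has
    registered still shows up in the device list instead of silently vanishing."""
    totals = defaultdict(int)
    for f in parse_traffic(lines):
        totals[f["mac"]] += int(f["sent"]) + int(f["rcvd"])
    usage = {}
    for mac, total in totals.items():
        ip, owner = DEVICE_LOOKUP.get(mac, ("unknown", "UNKNOWN-DEVICE"))
        usage[mac] = {"ip": ip, "owner": owner, "bytes": total}
    return usage


def usage_alerts(lines, per_device_limit, overall_limit):
    """Evaluate the two alert conditions: per-device limit and overall data limit."""
    usage = usage_by_device(lines)
    devices = sorted(m for m, u in usage.items() if u["bytes"] > per_device_limit)
    overall = sum(u["bytes"] for u in usage.values())
    return {"devices": devices, "overall_bytes": overall, "overall_breach": overall > overall_limit}
```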
