Overview
Blumira’s modern cloud SIEM platform integrates with SonicWall Next-Generation Firewall to stream security event logs to the Blumira service.
Additionally, enabling Blumira’s dynamic blocklist capabilities on your integrated next-generation firewall allows us to provide automated blocking of known threats. Learn more about enabling Blumira’s blocklists to block malicious source IP addresses and domains for automated threat response.
Before you begin
This integration requires a Blumira sensor to be installed before you can complete the steps below. Ensure that you complete the steps in Installing a Blumira sensor with Ubuntu before you continue.
Obtain the IP address of your Blumira sensor to use when configuring the external service.
To gather the IP address of the sensor:
- In Blumira, navigate to Settings > Sensors.
- Click the sensor row to open the details page.
- Under Overview, in the Host Details box, copy the IP value.
Configuring log forwarding
To begin forwarding logs to Blumira, follow these steps:
- Log in to the SonicWall device as an Admin.
- Navigate to Manage > Log Settings > SYSLOG.
- Click Add.
- In the Name or IP Address field, enter the IP address of the Blumira sensor.
- Click OK.
Note: If the firewall is already sending syslog to another destination, you must give the Blumira policy a higher priority so that logs are forwarded to Blumira.
Reference: How can I configure a syslog server on a SonicWall firewall?