Firewall systems

This group includes tags whose first level is firewall. These tags identify data generated by firewall services.

Company Product / service Valid tags

Barracuda firewall

  • firewall.barracuda.audit

Check Point Firewall

  • firewall.checkpoint.fw

Check more info about these parsers

Check Point GAiA

  • firewall.checkpoint.gaia

Check more info about these parsers

Check Point OPSEC LEA

  • firewall.checkpoint.lea

Check more info about these parsers

Check Point Log Exporter

  • firewall.checkpoint.log_exporter

Check more info about these parsers

Cisco ASA

This technology is also supported in CEF via syslog.

  • firewall.cisco.asa

Check more info about these parsers

Cisco Firepower Management Center

  • firewall.cisco.fmc

Check more info about these parsers

Cisco Firepower Threat Defense

  • firewall.cisco.ftd

Check more info about these parsers

Cisco Firewall Services Module

This technology is also supported in CEF via syslog.

  • firewall.cisco.fwsm

Check more info about these parsers

Cisco PIX 

  • firewall.cisco.pix

Check more info about these parsers

Fortinet FortiGate (FortiOS Traffic, Security, and Event logs)

This technology is also supported in CEF via syslog.

  • firewall.fortinet.anomaly.anomaly
  • firewall.fortinet.event.admin
  • firewall.fortinet.event.config
  • firewall.fortinet.event.dhcp
  • firewall.fortinet.event.dns
  • firewall.fortinet.event.ha
  • firewall.fortinet.event.his-performance
  • firewall.fortinet.event.ipsec
  • firewall.fortinet.event.pattern
  • firewall.fortinet.event.perf.historical
  • firewall.fortinet.event.sslvpn-session
  • firewall.fortinet.event.sslvpn-user
  • firewall.fortinet.event.system
  • firewall.fortinet.event.user
  • firewall.fortinet.event.vpn
  • firewall.fortinet.event.wireless
  • firewall.fortinet.ips.anomaly
  • firewall.fortinet.traffic.forward
  • firewall.fortinet.traffic.local
  • firewall.fortinet.traffic.multicast
  • firewall.fortinet.traffic.other
  • firewall.fortinet.traffic.violation
  • firewall.fortinet.utm.app-ctrl
  • firewall.fortinet.utm.emailfilter
  • firewall.fortinet.utm.ips
  • firewall.fortinet.utm.virus
  • firewall.fortinet.utm.webfilter

Check more info about these parsers

Huawei firewall

  • firewall.huawei.ngfw.aaa
  • firewall.huawei.ngfw.cm
  • firewall.huawei.ngfw.fw-log
  • firewall.huawei.ngfw.ifnet
  • firewall.huawei.ngfw.ifpdt
  • firewall.huawei.ngfw.info
  • firewall.huawei.ngfw.module
  • firewall.huawei.ngfw.mstp
  • firewall.huawei.ngfw.ntp
  • firewall.huawei.ngfw.sec
  • firewall.huawei.ngfw.shell
  • firewall.huawei.ngfw.spr
  • firewall.huawei.ngfw.ssh

Check more info about these parsers






Juniper Integrated Services Gateway

  • firewall.juniper.isg.system
  • firewall.juniper.isg.traffic
  • firewall.juniper.srx.idp
  • firewall.juniper.srx.probe
  • firewall.juniper.srx.system
  • firewall.juniper.srx.traffic
  • firewall.juniper.srx.utm
  • firewall.juniper.ssg.system
  • firewall.juniper.ssg.traffic

Check more info about these parsers

Juniper Network & Security Manager

This technology is also supported in CEF via syslog.

  • firewall.juniper.nsm.traffic

Check more info about these parsers



Juniper SRX-series Firewalls

  • firewall.juniper.srx.idp 
  • firewall.juniper.srx.probe
  • firewall.juniper.srx.system
  • firewall.juniper.srx.traffic
  • firewall.juniper.srx.utm

Check more info about these parsers

Juniper Secure Services Gateway

  • firewall.juniper.ssg.system
  • firewall.juniper.ssg.traffic

Check more info about these parsers

Cisco Meraki Firewall

  • firewall.meraki.events
  • firewall.meraki.flows
  • firewall.meraki.idsAlerts
  • firewall.meraki.urls

Linux kernel firewall - iptables

  • firewall.iptables.std

Microsoft Windows Firewall

  • firewall.windows.stdout

Check more info about these parsers

Palo Alto Networks Firewall

  • firewall.paloalto.config
  • firewall.paloalto.system
  • firewall.paloalto.threat
  • firewall.paloalto.traffic
  • firewall.paloalto.correlation
  • firewall.paloalto.hipmatch
  • firewall.paloalto.url
  • firewall.paloalto.userid

Check more info about these parsers

pfSense Firewall

  • firewall.pfsense.everything
  • firewall.pfsense.filterlog
  • firewall.pfsense.firewall
  • firewall.pfsense.system

Check more info about these parsers

SonicWall Firewall (SonicOS)

  • firewall.sonicwall.general
  • firewall.sonicwall.genv58

Check more info about these parsers

Sophos UTM

Sophos XG Firewall

  • firewall.sophos.general.system
  • firewall.sophos.securemail.smtp
  • firewall.sophos.securenet.ips
  • firewall.sophos.securenet.packetfilter
  • firewall.sophos.securenet.vpn
  • firewall.sophos.secureweb.eplog
  • firewall.sophos.secureweb.http
  • firewall.sophos.system.auth
  • firewall.sophos.system.confd
  • firewall.sophos.system.eplog
  • firewall.sophos.system.epsecd
  • firewall.sophos.system.ha 
  • firewall.sophos.system.loadbalancing
  • firewall.sophos.system.red
  • firewall.sophos.system.up2date
  • firewall.sophos.system.wifi
  • firewall.sophos.xgfirewall.contentfiltering
  • firewall.sophos.xgfirewall.fw
  • firewall.sophos.xgfirewall.general
  • firewall.sophos.xgfirewall.wirelessprotection

Check more info about these parsers

StoneGate Firewall - Forcepoint NGFW

  • firewall.stonegate.ips
  • firewall.stonegate.leef
  • firewall.stonegate.xml

Check more info about these parsers

WatchGuard Security

  • firewall.watchguard.traffic