Review configuration options for WatchGuard firewalls in RocketCyber
| Option | Description |
|---|---|
| | Detects attempts to crash your network by overwhelming available resources. This can take the form of using all available bandwidth, memory, or other network resources. |
| | Detects malicious actors attempting to discover what ports are open on your network. |
| IPS detection (general) | Detections from the WatchGuard Intrusion Prevention System (IPS). |
| | Detections from WatchGuard's Advanced Persistent Threat tools. |
| | Detects your network leaking data. |
| | Determines whether traffic originated from a known malicious IP address. |
| | Detects attempts to change the reported source of traffic entering your network (for example, to avoid reputation lookups). |
| IPS license expired | A friendly reminder when your IPS license expires. |
| ICMP, IKE, IPSEC, UDP flood attacks | Various methods of overwhelming network resources to crash your network. |
| | A virus detected at your gateway. |
| Detect VPN use | This will monitor and inform you if someone enables or attempts to use a VPN on your network. Only use this if VPN should be disabled on your network! |
The expected format for WatchGuard logs is space-separated. For example:
<140>Feb 4 10:47:38 ABC-FW 8265941A0BAD (2020-02-04T15:47:38) firewall: msg_id="3000-0148" Allow 1-Trusted 0-External 52 tcp 20 127 192.168.101.12 22.214.171.124 31757 443 offset 8 S 2947993982 win 32 geo_dst="USA" (HTTPS-proxy-00)
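The following Python parser is an added example, not code from RocketCyber or WatchGuard, showing how a space-separated line in this format can be broken into fields: the syslog priority, the firewall hostname and serial, the ISO timestamp, the `key="value"` pairs such as `msg_id` and `geo_dst`, the policy name in trailing parentheses, and the positional traffic fields. The meaning of the positional tokens after the action (source and destination interface, packet length, protocol, IP header length, TTL, addresses, ports) is an assumption read off the sample line above, not something this page documents, so the parser validates the address tokens and refuses lines that do not fit that layout.

```python
import ipaddress
import re

# Constructed sample line, shaped like the example on this page.
SAMPLE = ('<140>Feb 4 10:47:38 ABC-FW 8265941A0BAD (2020-02-04T15:47:38) firewall: '
          'msg_id="3000-0148" Allow 1-Trusted 0-External 52 tcp 20 127 '
          '192.168.101.12 22.214.171.124 31757 443 offset 8 S 2947993982 win 32 '
          'geo_dst="USA" (HTTPS-proxy-00)')

HEADER_RE = re.compile(
    r'^<(?P<pri>\d{1,3})>'                        # syslog PRI = facility*8 + severity
    r'(?P<bsd_ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) '  # BSD timestamp (day may be padded)
    r'(?P<host>\S+) '                             # firewall hostname
    r'(?P<serial>\S+) '                           # device serial number
    r'\((?P<iso_ts>[^)]+)\) '                     # ISO timestamp in parentheses
    r'(?P<process>\w+): '                         # logging process, e.g. "firewall"
    r'(?P<body>.*)$'
)
KV_RE = re.compile(r'(\w+)="([^"]*)"')            # key="value" pairs
POLICY_RE = re.compile(r'\((?P<policy>[^()]+)\)\s*$')  # trailing "(policy-name)"

# Positional layout assumed from the sample line (not documented on the page):
# action src_iface dst_iface length proto ip_hdr_len ttl src_ip dst_ip [src_port dst_port ...]
TRAFFIC_ACTIONS = {'Allow', 'Deny', 'Drop'}


def parse_watchguard(line: str) -> dict:
    """Parse one WatchGuard syslog line into a dict of named fields."""
    m = HEADER_RE.match(line.strip())
    if not m:
        raise ValueError('not a WatchGuard syslog line')
    pri = int(m['pri'])
    rec = {
        'facility': pri // 8,
        'severity': pri % 8,
        'host': m['host'],
        'serial': m['serial'],
        'timestamp': m['iso_ts'],
        'process': m['process'],
    }
    body = m['body']

    # key="value" pairs can appear anywhere in the body; lift them out first.
    rec['kv'] = dict(KV_RE.findall(body))
    rec['msg_id'] = rec['kv'].get('msg_id')
    body = KV_RE.sub('', body)

    pm = POLICY_RE.search(body)
    if pm:
        rec['policy'] = pm['policy']
        body = body[:pm.start()]

    tokens = body.split()
    rec['tokens'] = tokens
    if tokens and tokens[0] in TRAFFIC_ACTIONS:
        if len(tokens) < 9:
            raise ValueError('traffic log too short for assumed layout')
        # Raise if the address slots do not hold IP addresses, so a line with a
        # different layout is rejected rather than silently mis-parsed.
        src_ip = str(ipaddress.ip_address(tokens[7]))
        dst_ip = str(ipaddress.ip_address(tokens[8]))
        rec.update({
            'action': tokens[0],
            'src_iface': tokens[1],
            'dst_iface': tokens[2],
            'length': int(tokens[3]),
            'proto': tokens[4].lower(),
            'ttl': int(tokens[6]),
            'src_ip': src_ip,
            'dst_ip': dst_ip,
        })
        # Ports are only present for tcp/udp; icmp lines carry type/code instead.
        if rec['proto'] in ('tcp', 'udp') and len(tokens) >= 11:
            rec['src_port'] = int(tokens[9])
            rec['dst_port'] = int(tokens[10])
    return rec


def parse_many(lines):
    """Parse a batch of lines; return (records, count of lines that failed)."""
    records, bad = [], 0
    for line in lines:
        try:
            records.append(parse_watchguard(line))
        except ValueError:
            bad += 1   # keep going; a collector should count, not crash, on odd lines
    return records, bad


if __name__ == '__main__':
    r = parse_watchguard(SAMPLE)
    print(r['host'], r['msg_id'], r['action'], r['src_ip'], '->',
          r['dst_ip'], r['dst_port'], r['policy'])
```

`parse_many` is the shape a collector needs: one malformed line (a truncated message, an unexpected layout) is counted and skipped rather than stopping ingestion. The `key="value"` pairs are extracted before splitting on spaces because a value may itself contain spaces.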