Review configuration options for WatchGuard firewalls in RocketCyber
|DDoS attack||Detects attempts to crash your network by overwhelming available resources.
This can take the form of using all available bandwidth, memory, or other network resources
|Port scan||Detects malicious actors attempting to discover what ports are open on your network|
|IPS detection (general)||Detections from the WatchGuard Intrusion Prevention System (IPS)|
|APT detection||Detections from WatchGuards Advanced Persistent Threat tools|
|Data leak||Detects your network leaking data|
|Reputation lookup||Determines whether traffic originated from a known malicious IP address|
|IP spoofing||Detects attempts to change the reported source of traffic entering your network (for example, to avoid reputation lookups)|
|IPS license expired||A friendly reminder when your IPS license expires|
|ICMP, IKE, IPSEC, UDP flood attacks||Various methods of overwhelming network resources to crash your network|
|GAV Virus||A virus detected at your gateway|
|Detect VPN use||This will monitor and inform you if someone enables or attempts to use a VPN on your network.
Only use this if VPN should be disabled on your network!
The expected format for WatchGuard logs is space-separated. For example
<140>Feb 4 10:47:38 ABC-FW 8265941A0BAD (2020-02-04T15:47:38) firewall: msg_id="3000-0148" Allow 1-Trusted 0-External 52 tcp 20 127 192.168.101.12 126.96.36.199 31757 443 offset 8 S 2947993982 win 32 geo_dst="USA" (HTTPS-proxy-00)