Dashboard to monitor malicious attacks on Soniwall firewalls

I am looking to monitor my Sonicwall Firewall for malicious attacks. I would like to see a dashboard that would show the open ports, amount of traffic incoming, and other possible malicious attacks or possible vulnerabilities that are on the Sonicwall and if possible a monitoring alerts.

Hi @mhenderson

Welcome to the forum :wave:

Here is a very old dashboard by @fadjar340.

I would start there or ping the dashboard author :+1:

For this sonicwall malicious attack, below my configuration:

  1. Sonicwall send log to centralized log
  2. Centralized log using rsyslog that received TCP/UDP in port 514
  3. Each of sonicwall have their own folder
  4. Logstash to parse the log file of the sonicwall
  5. Elasticsearch as time series database using specific index, sonicwall-%yyyy-%mm-%dd
  6. Grafana to visualize the suspected malicious attack
  7. Grafana send alert to Telegram about the suspected malicious attack

Fadjar Tandabawana

1 Like