Monitoring and filtering just about any firewall has never been so easy with Microsoft Sentinel and the SecQube Portal
A great feature of Microsoft Sentinel is monitoring firewalls. When combined with the SecQube Portal, you have a powerful tool to quickly find the root cause of a firewall attack.
Our unique No-Code KQL interface allows you to click on any of the orange entries, for example a port. Harvey will then start to build the query for you.
By using the No-Code KQL interface you can filter the device's actions to locate the action on the firewall, for example to find all open ports after a port scan.
A key requirement in the design of our portal was not to move data from its source. All data remains in your Microsoft Sentinel tenant; our API only reads the information. If you use the ticketing and/or change management solution, this does change. However, the data will remain in the same Azure data centre.
Configuring the SecQube Solution is straightforward, even for beginners. We use Azure Lighthouse to connect to Microsoft Sentinel, which involves running a pre-defined script in Azure by a user with the right permissions, like a Global or Security Administrator. This takes about 2-5 minutes. After that, add your Azure Subscription to our portal, wait 20 minutes, and you're set!
Harvey up-skills analysts, assisting with your every step whilst engaged in threat hunting. Harvey will educate you and give you calculated answers, speeding up the triage period.
Our solution stands out with its user-friendly interface and comprehensive features that cater to businesses of all sizes. Whether you're a small business or a large corporation, our platform adapts to your needs.
Yes. The SecQube portal can automatically alert you to an incident, and each incident is accompanied by triage steps as well as a severity level.
SecQube Firewall monitoring is critical for several reasons:
1. Detect Threats: Monitoring your firewalls lets you detect potential threats or malicious activities in real-time. By continuously examining the traffic that passes through the firewall, you can identify patterns or behaviours that may indicate a security threat.
2. Prevent Breaches: Continuous firewall monitoring can help prevent security breaches. If a potential threat is detected, immediate action can be taken to neutralise it, preventing it from penetrating your network.
3. Compliance: Many regulations and standards require regular firewall monitoring. By continuously monitoring your firewall, you can ensure that you are meeting these requirements and avoid potential fines or penalties.
4. Performance Optimisation: Monitoring the firewall also helps to ensure it is performing optimally. If the firewall is not working efficiently, it can slow down the network and reduce productivity.
5. Incident Response: If a security incident does occur, having detailed logs from your firewall can help in the investigation and remediation process. It provides valuable information about the incident, such as when it occurred, how it happened, and what systems were affected.
6. Proactive Security: Regular monitoring allows for a more proactive approach to security. Instead of waiting for a breach to occur, you continuously examine the traffic that passes through the firewall for patterns or behaviours that may indicate a security threat, and address potential threats before they become a problem.