A firewall is a network security system that controls incoming and outgoing network traffic based on applied rule sets. It establishes a barrier between a trusted, secure internal network and another network that is assumed not to be secure or trusted.

Firewall logs assist in identifying traffic to or from a known malicious domain, as well as anomalous traffic that is not considered normal for the environment.

Data Set

  • Event timestamp
  • Source IP address
  • Destination IP address
  • Source port
  • Destination port
  • Device type
  • Device class
  • Device subclass
  • Message severity
  • Source Interface
  • Destination Interface
  • Access group
  • Remaining message
  • Protocol_NET
  • Event_Type
  • Protocol_APP
  • Source_MAC
  • Destination_MAC
  • Network
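
As an added example (not part of the original page or any vendor's tooling), the sketch below shows how a few of these fields support both uses described above: matching records against known-malicious indicators and flagging traffic outside a baseline. The CSV layout, column names, internal range, indicator list and baseline are all assumptions, and because the data set carries IP addresses rather than domain names, the indicators are assumed to be already resolved to networks.

```python
import csv
import io
import ipaddress

# Constructed sample records; the CSV layout and column names are assumptions
# that mirror a subset of the fields in the data set above.
SAMPLE_LOG = """\
event_timestamp,source_ip,destination_ip,source_port,destination_port,protocol_net,event_type
2024-01-01T10:00:00Z,10.0.0.5,198.51.100.10,50123,443,TCP,allow
2024-01-01T10:00:05Z,10.0.0.7,203.0.113.50,50124,443,TCP,allow
2024-01-01T10:00:09Z,10.0.0.9,198.51.100.20,50125,6667,TCP,allow
2024-01-01T10:00:12Z,203.0.113.50,10.0.0.7,40000,22,TCP,deny
2024-01-01T10:00:15Z,10.0.0.5,10.0.0.53,50126,53,UDP,allow
"""

# Assumptions: the trusted internal range, a threat-intelligence list already
# resolved to networks, and the (protocol, port) pairs normal for this site.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
KNOWN_BAD = [ipaddress.ip_network("203.0.113.0/24")]
BASELINE = {("TCP", 80), ("TCP", 443), ("UDP", 53)}


def triage(log_text, known_bad=KNOWN_BAD, baseline=BASELINE, internal=INTERNAL):
    """Return (timestamp, source, destination, reasons) for each flagged record."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        src = ipaddress.ip_address(row["source_ip"])
        dst = ipaddress.ip_address(row["destination_ip"])
        service = (row["protocol_net"], int(row["destination_port"]))
        reasons = []
        # Traffic to or from a known malicious address, in either direction.
        if any(src in net or dst in net for net in known_bad):
            reasons.append("known-malicious address")
        # Outbound traffic to a service that is not normal for the environment.
        if src in internal and dst not in internal and service not in baseline:
            reasons.append("service outside baseline")
        if reasons:
            findings.append((row["event_timestamp"], str(src), str(dst), reasons))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A denied inbound record from a listed address is still reported, since it shows the indicator is actively probing the environment.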

Common Vendors

  • Cisco (ASA Firewalls)
  • Check Point (Check Point Firewalls)
  • Palo Alto (Palo Alto Firewalls)
  • Juniper