Forcepoint NGFW
Connect Forcepoint NGFW to Radiant Security to forward firewall logs for AI triage.
Forcepoint NGFW is a next-generation firewall that protects networks against intrusions, malware, evasions, and unauthorized application use. Connecting Forcepoint NGFW forwards firewall logs and SMC audit log entries to Radiant Security through the Radiant Agent. Radiant uses this telemetry to enrich alerts with network context, giving analysts visibility into traffic activity and administrative actions during triage.
Prerequisites
Add the data connector in Radiant Security
Log in to Radiant Security.
From the navigation menu, click Settings > Data Connectors, then click + Add Connector.
Search for and select Radiant Agent, then click Data Feeds.
Under Select your data feeds, select Forcepoint NGFW, then click Credentials.
Under Credential Name, enter an identifiable name for the Radiant Agent integration (e.g., Radiant Agent integration). To reuse an existing Radiant Agent credential, select it from the drop-down menu.
Click Add Connector.
Configure Forcepoint SMC to forward logs
Before starting, confirm the IP address of the Radiant Agent and the port configured to receive Forcepoint NGFW data. If you do not know the port, contact your Customer Success representative.
One Log Server element is automatically created during SMC installation. Repeat these steps for every Log Server you want to forward from.
Sign in to Forcepoint SMC.
Click Home, then click Others > Log Server.
Right-click the log server you want to forward logs from, then select Properties.
Click the Log Forwarding tab.
Click Add and enter the following values:
Service: UDP
Port: the port configured on the Radiant Agent to receive Forcepoint NGFW data
Format: JSON
Data Type: All Log Data
Double-click the Target Host cell to open the Select Host dialog box.
Click the Settings icon, then select New > Host.
In the Name field, enter Radiant-Security-Syslog.
In the IP field, enter the IP address of the Radiant Agent.
Click OK, then select the new host and click Select.
In the Log Server TLS Certificate dialog, select No client Authentication.
Click OK to save the log forwarding rule.
Verify ingestion
After Forcepoint NGFW begins forwarding, confirm alerts and events are reaching Radiant.
In Radiant, navigate to Log Management.
Filter by rs_connectorType:"forcepoint_ngfw".
Confirm recent alerts and events appear.
Allow several minutes for alerts and events to be parsed, indexed, and available for search.
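If nothing appears, the following added troubleshooting example (not part of Radiant's or Forcepoint's tooling) checks that the Log Forwarding rule really emits JSON over UDP from the expected Log Server. UDP gives the sender no delivery confirmation, so the check has to happen on the receiving side. Assumptions: it runs on a scratch host and port temporarily set as the Target Host, the IP addresses and field names in the samples are constructed, and the JSON object may follow a syslog header.

```python
import json
import socket
import sys

# Constructed sample datagrams; field names are illustrative, not Forcepoint's schema.
SAMPLES = [
    (b'{"Action": "Allow", "Src": "10.0.0.5"}', "192.0.2.10"),
    (b'<134>Jan  1 00:00:00 smc {"Action": "Discard"}', "192.0.2.10"),
    (b'CEF:0|vendor|product|1.0|event', "192.0.2.10"),  # Format is not JSON
    (b'{"Action": "Allow"}', "198.51.100.7"),           # sender is not the Log Server
]

def classify_datagram(payload, src_ip, allowed_sources):
    """Return 'ok', 'unexpected_source', 'not_utf8' or 'not_json' for one datagram."""
    if src_ip not in allowed_sources:
        return "unexpected_source"
    try:
        text = payload.decode("utf-8")
    except UnicodeDecodeError:
        return "not_utf8"
    # Assumption: a syslog header may precede the JSON, so parse from the first '{'.
    start = text.find("{")
    if start == -1:
        return "not_json"
    try:
        obj, _ = json.JSONDecoder().raw_decode(text[start:])
    except json.JSONDecodeError:
        return "not_json"
    return "ok" if isinstance(obj, dict) else "not_json"

def listen(bind_ip, port, allowed_sources, max_packets=20):
    counts = {}
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_ip, port))
        sock.settimeout(60)  # stop waiting if the Log Server sends nothing
        for _ in range(max_packets):
            try:
                payload, (src_ip, _src_port) = sock.recvfrom(65535)
            except socket.timeout:
                break
            verdict = classify_datagram(payload, src_ip, allowed_sources)
            counts[verdict] = counts.get(verdict, 0) + 1
            print(f"{src_ip} {len(payload)}B {verdict}")
    return counts

if __name__ == "__main__":
    # Usage: python check_forwarding.py <udp-port> <log-server-ip> [<log-server-ip> ...]
    print(listen("0.0.0.0", int(sys.argv[1]), set(sys.argv[2:])))
```

A run that reports only `not_json` points to the Format setting, only `unexpected_source` points to a different sending address than expected, and no output at all points to the port, the Target Host IP, or a network filter in between.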