Parse pfSense/OPNSense logs using Logstash, GeoIP tag entities, add additional context to logs, then send to Azure Sentinel for analysis.
Updated Feb 28, 2022
📨 SQL-based firewall event logging via the nflog netlink interface and the ulogd2 userspace daemon. Improved SQL schema for space-efficient storage. Multi-host log aggregation using dedicated SQL users.
Misc. scripts for Windows Defender Firewall
Sophos XGS Live Log Viewer by Benjamin Iheukumere
Enterprise SOC monitoring lab that uses Active Directory, Windows logs, pfSense firewall data, Splunk SIEM, and attack simulations to practice detection engineering, alert triage, and incident response.
Offline Linux firewall forensics app that parses iptables/nftables logs, detects port scans, C2 beaconing, lateral movement, privilege escalation, and exports HMAC-signed evidence bundles.
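The entry above describes the three steps such a tool performs: parse the kernel's netfilter LOG lines, run detections over the resulting events, and sign the evidence so it cannot be altered after collection. The following is an added example written for this page, not code from that project or any other repository listed here. It assumes syslog-style `kernel:` lines with the `key=value` fields iptables' LOG target (and nftables' `log`) emit, a port-scan rule of `DISTINCT_PORTS` different destination ports from one source within `WINDOW_SECONDS`, and an HMAC key supplied by the caller; the log lines and the threshold values are constructed for the demonstration.

```python
"""Parse iptables/nftables LOG lines, flag port scans, HMAC-sign the findings.

Added example (not code from any project on this page). Assumptions: syslog-style
"kernel:" lines carrying netfilter key=value fields; a source is a port scanner if
it touches >= DISTINCT_PORTS distinct destination ports within WINDOW_SECONDS;
the HMAC key is provided by the caller (in practice, from a secret store).
"""
import hashlib
import hmac
import json
import re
from collections import defaultdict
from datetime import datetime

WINDOW_SECONDS = 60   # sliding window for the port-scan rule (assumed value)
DISTINCT_PORTS = 5    # distinct DPTs within the window that count as a scan (assumed)

# Constructed sample lines; addresses are from documentation ranges. The first
# source hits five ports in three seconds, the second hits three ports spread
# over minutes and must not be flagged. The UDP line repeats LEN= (IP header,
# then UDP header) exactly as the kernel does.
SAMPLE_LOG = """\
Mar  3 10:15:01 fw kernel: [1234.567] DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=41000 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 10:15:02 fw kernel: [1235.001] DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=41001 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 10:15:02 fw kernel: [1235.210] DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=41002 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 10:15:03 fw kernel: [1236.004] DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=41003 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 10:15:04 fw kernel: [1237.330] DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=41004 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 10:20:00 fw kernel: [1533.100] DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.9 DST=192.0.2.10 LEN=44 TOS=0x00 PREC=0x00 TTL=60 ID=0 DF PROTO=TCP SPT=50000 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 10:25:00 fw kernel: [1833.100] DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.9 DST=192.0.2.10 LEN=44 TOS=0x00 PREC=0x00 TTL=60 ID=0 DF PROTO=TCP SPT=50001 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 10:25:01 fw kernel: [1834.100] DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.9 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=60 ID=0 DF PROTO=UDP SPT=50002 DPT=53 LEN=40
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) kernel: "
    r"(?:\[\s*[\d.]+\] )?(?P<body>.*)$"
)
KV_RE = re.compile(r"(\w+)=(\S*)")


def parse_line(line):
    """Return one event dict for a netfilter LOG line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    prefix, sep, rest = m.group("body").partition("IN=")
    if not sep:
        return None  # a kernel line, but not a netfilter LOG record
    rest = "IN=" + rest
    fields = dict(KV_RE.findall(rest))  # duplicate keys (UDP LEN=) keep the last value
    flags = {tok for tok in rest.split() if "=" not in tok}  # DF, SYN, ACK, ...
    if "SRC" not in fields or "DST" not in fields:
        return None
    return {
        "ts": datetime.strptime(m.group("ts"), "%b %d %H:%M:%S"),  # year-less syslog stamp
        "host": m.group("host"),
        "prefix": prefix.strip().rstrip(":"),  # the --log-prefix, e.g. "DROP"
        "src": fields["SRC"],
        "dst": fields["DST"],
        "proto": fields.get("PROTO"),
        "dport": int(fields["DPT"]) if fields.get("DPT", "").isdigit() else None,
        "flags": sorted(flags),
    }


def detect_port_scans(events, window=WINDOW_SECONDS, threshold=DISTINCT_PORTS):
    """Map each scanning source to the sorted set of ports it probed.

    A source is flagged when any sliding window of `window` seconds contains
    events to at least `threshold` distinct destination ports.
    """
    by_src = defaultdict(list)
    for ev in events:
        if ev["dport"] is not None:
            by_src[ev["src"]].append(ev)
    hits = defaultdict(set)
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        lo = 0
        for hi in range(len(evs)):
            while (evs[hi]["ts"] - evs[lo]["ts"]).total_seconds() > window:
                lo += 1
            ports = {e["dport"] for e in evs[lo:hi + 1]}
            if len(ports) >= threshold:
                hits[src].update(ports)
    return {src: sorted(ports) for src, ports in hits.items()}


def analyze(text):
    """Parse a log text and run the detections; returns (events, findings)."""
    events = [ev for ev in (parse_line(l) for l in text.splitlines()) if ev]
    return events, detect_port_scans(events)


def build_evidence_bundle(events, findings, key):
    """Serialise events and findings canonically and attach an HMAC-SHA256 tag."""
    payload = {
        "events": [dict(ev, ts=ev["ts"].isoformat()) for ev in events],
        "findings": findings,
    }
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return {"payload": body.decode(), "hmac_sha256": hmac.new(key, body, hashlib.sha256).hexdigest()}


def verify_evidence_bundle(bundle, key):
    """True only if the payload bytes still match the tag under the same key."""
    expected = hmac.new(key, bundle["payload"].encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, bundle["hmac_sha256"])


if __name__ == "__main__":
    evs, found = analyze(SAMPLE_LOG)
    bundle = build_evidence_bundle(evs, found, b"demo-key")
    print(found, verify_evidence_bundle(bundle, b"demo-key"))
```

The signature only proves the bundle was not modified by someone without the key; it says nothing about the log lines being genuine, so the key must be kept off the host being examined and the bundle's canonical JSON (sorted keys, no whitespace) must be reproduced exactly by the verifier. Syslog stamps carry no year, so the `datetime` values are only comparable within one log file; a production parser would take the year from the file's metadata or from journald's full timestamps.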