SonicWall Connector


System Configuration Requirements

  1. CPU and RAM:
    2 vCPUs and 4 GB of RAM are sufficient for a typical deployment. For higher event rates, scale the resources up.
  2. Syslog System:
    The collector host must be up continuously. The firewall sends syslog over UDP, which has no acknowledgement or retransmission, so any event sent while the collector is down is lost rather than queued.
  3. IP Address:
    A static IP address is required, because the firewall is configured with the collector's address as its syslog server; a DHCP lease change would silently stop event delivery.

SonicWall Ingestion Connector Configuration

Ingestion Configuration

  1. Navigate to the Connector page in the XDR portal and select Ingestion.
  2. Select Event Connector.
  3. Click Configure.
  4. Enter the Collector ID and Password.
  5. Click Validate and Save.

SonicWall Ingestion Connector Requirements

  1. Static IP Address: Ensure the machine has a static IP address.
  2. Docker Installation: Install Docker Engine by following the instructions on Get Docker.
    • Start Docker now and enable it at boot, so the collector comes back after a reboot:
      sudo systemctl enable --now docker
      
  3. Note the host's IP address; it is entered later as the syslog server address in the SonicWall configuration.
  4. Opening the Port for Firewall
    For Linux (firewalld, as on RHEL, Rocky or Fedora):
    Open UDP port 514 in the host firewall using the following commands:

     # Opening port in linux system firewall (firewalld)
        sudo firewall-cmd --permanent --add-port=514/udp
        sudo firewall-cmd --reload
    
    Two caveats. First, this admits datagrams from any address; anyone who can reach the port can inject forged events into the XDR pipeline, so prefer a rule that only accepts traffic from the SonicWall's IP address. Second, Docker publishes container ports by inserting its own iptables rules and forwards the traffic to the container, so a host firewall rule alone may not restrict who can reach a published port; Docker reserves the DOCKER-USER chain for such restrictions, and you should test from an unauthorised address rather than assume the host rule applies. The commands above are for firewalld only; hosts using ufw or nftables need the equivalent rule, and macOS is not covered by this procedure.

    For Windows:
    Open PowerShell as an administrator and run the following command to allow inbound UDP port 514:

    # Opening port in Windows system firewall
     New-NetFirewallRule -DisplayName "Allow UDP Port 514" -Direction Inbound -Protocol UDP -LocalPort 514 -Action Allow

    An outbound rule is not needed: Windows Defender Firewall allows outbound traffic by default, and the collector only receives on this port. To limit the rule to the firewall, add -RemoteAddress <SonicWall_IP> so that only the SonicWall can send to it.
    
  5. Download the Docker image tar file from the provided URL, substituting your Collector ID and Password:
     https://hawkkhunt.seqrite.com/edr/v1/edr/ga/qa/edr/v10/event_collector/download?collectorId=<Collector_ID>&password=<Password>
    
    The password is sent as a URL query parameter: percent-encode any special characters it contains, quote the URL when passing it to a command-line tool (an unquoted & is interpreted by the shell), and remember that the full URL ends up in your shell history and in any proxy logs on the path.

  6. Load the Docker image using the following command:
    sudo docker load --input <path_to_hhcollector-1.0.0.tar>
    
  7. Start the event collector agent. Run it detached with a restart policy so it comes back after a reboot or a crash, since the syslog feed must be received continuously:
    sudo docker run -d --restart unless-stopped -p 514:514/udp --env COLLECTOR_ID=<Collector_ID> hhcollector
    
    Confirm it is listening with sudo docker ps; the PORTS column should show 0.0.0.0:514->514/udp.
    
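The collector host steps above (Docker, firewall opening, image download and start), collected into one script as an added example; this is not Seqrite's or SonicWall's own tooling. It assumes a Linux host with firewalld or ufw, that SONICWALL_IP, COLLECTOR_ID and COLLECTOR_PASSWORD are exported in the environment rather than typed on the command line, that the downloaded image loads under the name hhcollector as in step 7, and that the download URL from step 5 is reachable. The host rule admits UDP/514 only from the firewall's address, a DOCKER-USER rule enforces the same restriction on the Docker-published port, the password is percent-encoded and handed to curl through a config read from stdin so it does not show up in the process list, and the container runs with a restart policy. Nothing is executed unless the script is invoked with the argument install.

```shell
#!/usr/bin/env bash
# Added example (not Seqrite/SonicWall tooling): collector host setup in one script.
# Assumptions: SONICWALL_IP, COLLECTOR_ID and COLLECTOR_PASSWORD are exported;
# the image loads as "hhcollector" (step 7); the host is Linux with firewalld or ufw.
DOWNLOAD_BASE="https://hawkkhunt.seqrite.com/edr/v1/edr/ga/qa/edr/v10/event_collector/download"

# Percent-encode a string for a URL query parameter (RFC 3986 unreserved kept).
# The password travels in the query string, so '&', '%', '+' and spaces must be
# encoded or the request is corrupted (and an unquoted '&' is eaten by the shell).
urlencode() {
  s=$1; out=""
  while [ -n "$s" ]; do
    c=${s%"${s#?}"}; s=${s#?}          # POSIX: first character / rest
    case $c in
      [A-Za-z0-9.~_-]) out="$out$c" ;;
      *) out="$out$(printf '%%%02X' "'$c")" ;;
    esac
  done
  printf '%s' "$out"
}

# Sanity-check the firewall address: dotted quad, each octet 0-255.
is_ipv4() (
  set -f; IFS=.; set -- $1
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    case $o in ''|*[!0-9]*) return 1 ;; esac
    [ "$o" -le 255 ] || return 1
  done
  return 0
)

# firewalld rich rule admitting UDP/514 from the SonicWall address only.
fw_rich_rule() {
  printf 'rule family="ipv4" source address="%s" port port="514" protocol="udp" accept' "$1"
}

open_syslog_port() {
  if command -v firewall-cmd >/dev/null 2>&1; then
    sudo firewall-cmd --permanent --add-rich-rule="$(fw_rich_rule "$SONICWALL_IP")"
    sudo firewall-cmd --reload
  elif command -v ufw >/dev/null 2>&1; then
    sudo ufw allow from "$SONICWALL_IP" proto udp to any port 514
  else
    echo "no firewalld or ufw found; open UDP/514 from $SONICWALL_IP manually" >&2
  fi
}

# Docker forwards published ports with its own iptables rules, so the host rule
# above does not filter them; DOCKER-USER is the chain Docker reserves for that.
# This rule is not persisted across reboots (use your distro's iptables persistence).
restrict_published_port() {
  sudo iptables -I DOCKER-USER -p udp --dport 514 ! -s "$SONICWALL_IP" -j DROP
}

# Hand the URL to curl through a config on stdin so the password never appears
# in the process list or in shell history (it still travels in the request URL).
download_image() {
  url="$DOWNLOAD_BASE?collectorId=$(urlencode "$COLLECTOR_ID")&password=$(urlencode "$COLLECTOR_PASSWORD")"
  printf 'url = "%s"\n' "$url" | curl -fsS -K - -o hhcollector.tar
}

install_collector() {
  : "${SONICWALL_IP:?set SONICWALL_IP}" "${COLLECTOR_ID:?set COLLECTOR_ID}" "${COLLECTOR_PASSWORD:?set COLLECTOR_PASSWORD}"
  is_ipv4 "$SONICWALL_IP" || { echo "SONICWALL_IP is not a valid IPv4 address" >&2; return 1; }
  sudo systemctl enable --now docker
  open_syslog_port
  download_image
  sudo docker load --input hhcollector.tar
  sudo docker run -d --name hhcollector --restart unless-stopped \
    -p 514:514/udp --env COLLECTOR_ID="$COLLECTOR_ID" hhcollector
  restrict_published_port
  sudo docker ps --filter name=hhcollector    # PORTS should show 0.0.0.0:514->514/udp
}

# Nothing runs unless explicitly asked: `./setup.sh install`.
if [ "${1:-}" = "install" ]; then install_collector; fi
```

Run it as `SONICWALL_IP=203.0.113.1 COLLECTOR_ID=... COLLECTOR_PASSWORD=... ./setup.sh install`. The DOCKER-USER rule matches on the container-side port, which here equals the host port; if you publish on a different host port, keep --dport at the container port, because the DNAT has already happened when DOCKER-USER is evaluated.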

SonicWall Firewall Configuration

  1. Ensure the event collector is running (check with sudo docker ps on the collector host).
  2. Log in to the SonicWall web management interface.
  3. Navigate to Logs & Reporting > Log Settings > Syslog > Syslog Server (the exact menu path differs between SonicOS versions).
  4. Add a new syslog server:
    • Name or IP Address: the event collector machine's IP address.
    • Port: 514, protocol UDP (the port the collector container publishes).
  5. Save the changes.
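Once the syslog server is saved, confirm on the collector host that firewall events are actually arriving and come from the address you expect. The script below is an added example, not Seqrite's or SonicWall's own tooling. It assumes the firewall is left on its default syslog format, in which each event is one line of key=value pairs (id=firewall sn=... fw=... m=... msg="..."), that tcpdump is installed on the collector host, and that the firewall's address is passed as SONICWALL_IP; the sample line embedded in it is constructed in that format, not a real capture. Because the container already owns UDP/514, the live check sniffs the datagrams rather than binding the port.

```shell
#!/usr/bin/env bash
# Added example (not Seqrite/SonicWall tooling): confirm that SonicWall syslog
# reaches the collector host and looks like firewall events from the expected source.
# Assumes the firewall's default key=value syslog format and that tcpdump is installed.

# Constructed sample line in the SonicWall format (not a real capture).
SAMPLE_LINE='<134> id=firewall sn=0017C5XXXXXX time="2024-05-01 10:22:36 UTC" fw=203.0.113.1 pri=6 c=1024 m=537 msg="Connection Closed" app=49 n=7133 src=10.10.1.25:57338:X0 dst=198.51.100.8:443:X1 proto=tcp/https sent=1832 rcvd=5120'

# Print the value of one key from a key=value line; handles quoted (msg="...")
# and bare (fw=1.2.3.4) values. A space is prepended so a key at the very start
# of the line is matched like any other; nothing is printed if the key is absent.
sw_field() {
  printf ' %s\n' "$1" | sed -n \
    -e "s/.*[[:space:]]$2=\"\([^\"]*\)\".*/\1/p" \
    -e "s/.*[[:space:]]$2=\([^[:space:]]*\).*/\1/p"
}

# 0 when the line is a SonicWall firewall event (id=firewall, numeric message id)
# sent by the firewall address we configured; anything else is a format mismatch
# or an unexpected sender on the port.
check_sonicwall_line() {
  line=$1; expected_fw=$2
  [ "$(sw_field "$line" id)" = "firewall" ] || return 1
  [ "$(sw_field "$line" fw)" = "$expected_fw" ] || return 1
  case $(sw_field "$line" m) in ''|*[!0-9]*) return 1 ;; esac
  return 0
}

# Count lines per message id (m=) on stdin; a quick way to see which event
# categories the firewall actually has enabled for syslog.
summarise_msg_ids() {
  while IFS= read -r l; do sw_field "$l" m; done | sort | uniq -c | sort -rn
}

# Live check on the collector host. The container owns UDP/514, so we sniff the
# datagrams instead of binding the port; grep -a -o trims the packet header bytes
# that tcpdump -A prints before the syslog payload, which starts at the <PRI> tag.
verify_live() {
  expected_fw=$1; count=${2:-5}
  sudo tcpdump -nni any -l -A -c "$count" udp port 514 2>/dev/null \
    | grep -a -o '<[0-9]\{1,3\}>.*' \
    | while IFS= read -r l; do
        if check_sonicwall_line "$l" "$expected_fw"; then
          echo "OK   m=$(sw_field "$l" m) msg=$(sw_field "$l" msg)"
        else
          echo "WARN unexpected sender or format: $l"
        fi
      done
}

# Usage: SONICWALL_IP=203.0.113.1 ./verify.sh verify [packet_count]
if [ "${1:-}" = "verify" ]; then verify_live "${SONICWALL_IP:?set SONICWALL_IP}" "${2:-5}"; fi
```

A WARN line with a different fw= value, or a payload that is not key=value at all, means something other than the SonicWall is sending to the port, which is exactly what the source-restricted firewall rule in the earlier steps is meant to prevent. If nothing is captured at all, generate some traffic through the firewall first, then re-check the syslog server address and the UDP/514 rules on the collector host.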