Using an external service to monitor the firewall enables
you to receive alerts for important events, archive monitored information
on systems with dedicated long-term storage, and integrate with
third-party security monitoring tools. The following are some common
scenarios for using external services:
- To send an HTTP-based API request directly to any third-party
  service that exposes an API to automate a workflow or an action.
  You can, for example, forward logs that match defined criteria
  to create an incident ticket on ServiceNow instead of relying
  on an external system to convert syslog messages or SNMP traps to
  an HTTP request. You can modify the URL, HTTP header, parameters,
  and the payload in the HTTP request to trigger an action based on
  the attributes in a firewall log. See Forward Logs to an HTTP(S) Destination.
- For long-term log storage and centralized firewall monitoring,
  you can Configure Syslog Monitoring to
  send log data to a syslog server. This enables integration with
  third-party security monitoring tools such as Splunk or ArcSight.
- For monitoring statistics on the IP traffic that traverses
  firewall interfaces, you can Configure NetFlow Exports to
  view the statistics in a NetFlow collector.
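
For the HTTP forwarding scenario above, the following added example (not part of the original documentation or any vendor code) sketches the receiving side: it authenticates the firewall's request, validates the payload, and maps log attributes to a ticket. The header name `X-Fw-Token`, the JSON keys, and the ticket fields are assumptions standing in for whatever you define in the HTTP header and payload of the request.

```python
import hmac
import json

# Assumed values: the header name and payload keys are whatever you configure
# in the firewall's HTTP request; these are constructed for the example.
AUTH_HEADER = "X-Fw-Token"
REQUIRED = ("type", "severity", "src", "dst", "rule", "receive_time")
TICKET_SEVERITIES = {"high", "critical"}
MAX_BODY = 16 * 1024  # reject oversized bodies before parsing


def handle_forwarded_log(headers, body, shared_token):
    """Return (http_status, ticket_or_None) for one forwarded log request."""
    presented = headers.get(AUTH_HEADER, "")
    # Constant-time comparison so the token cannot be recovered via timing.
    if not hmac.compare_digest(presented.encode(), shared_token.encode()):
        return 401, None
    if len(body) > MAX_BODY:
        return 413, None
    try:
        log = json.loads(body)
    except ValueError:  # covers malformed JSON and undecodable bytes
        return 400, None
    # Every required attribute must be present and a string.
    if not isinstance(log, dict) or any(
        not isinstance(log.get(k), str) for k in REQUIRED
    ):
        return 400, None
    severity = log["severity"].lower()
    if severity not in TICKET_SEVERITIES:
        return 204, None  # accepted, but below the ticketing threshold
    # Hypothetical ticket structure; copy only the validated attributes.
    ticket = {
        "summary": f"Firewall {log['type']} log: {log['src']} -> {log['dst']}",
        "priority": "1" if severity == "critical" else "2",
        "details": json.dumps({k: log[k] for k in REQUIRED}, sort_keys=True),
    }
    return 201, ticket


# Constructed sample request body, as a firewall might send it with this template.
SAMPLE_BODY = json.dumps({
    "type": "THREAT", "severity": "critical", "src": "10.0.0.5",
    "dst": "203.0.113.9", "rule": "outbound-web",
    "receive_time": "2024/01/01 00:00:00",
}).encode()

if __name__ == "__main__":
    print(handle_forwarded_log({AUTH_HEADER: "example-token"}, SAMPLE_BODY, "example-token"))
```

Rejecting unauthenticated or malformed requests before any ticket is built keeps the endpoint from becoming a way for other hosts to flood the ticketing system.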