Using an external service to monitor the firewall enables
you to receive alerts for important events, archive monitored information
on systems with dedicated long-term storage, and integrate with
third-party security monitoring tools. The following are some common
scenarios for using external services:
- To send an HTTP-based API request directly to any third-party
  service that exposes an API to automate a workflow or an action.
  You can, for example, forward logs that match defined criteria
  to create an incident ticket on ServiceNow instead of relying on
  an external system to convert syslog messages or SNMP traps to an
  HTTP request. You can modify the URL, HTTP header, parameters, and
  the payload in the HTTP request to trigger an action based on the
  attributes in a firewall log. See Forward Logs to an HTTP(S)
  Destination.
- For long-term log storage and centralized firewall monitoring,
  you can Configure Syslog Monitoring to send log data to a syslog
  server. This enables integration with third-party security
  monitoring tools such as Splunk or ArcSight.
- For monitoring statistics on the IP traffic that traverses
  firewall interfaces, you can Configure NetFlow Exports to view
  the statistics in a NetFlow collector.
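
For the HTTP(S) forwarding scenario above, an example of the receiving side, added here and not taken from the PAN-OS documentation: it authenticates each request by a shared token in a custom HTTP header, validates the payload, and maps log attributes to a ticket. The header name, token, JSON key names and ticket fields are assumptions made for this example, not firewall defaults.

```python
import hmac
import json

# Assumptions for this example (not PAN-OS defaults): the header name, the
# shared token, and the JSON keys configured in the forwarded payload.
AUTH_HEADER = "X-Log-Forward-Token"
SHARED_TOKEN = "constructed-example-token"
REQUIRED_KEYS = ("src", "dst", "rule", "severity", "threat_name")
URGENCY = {"critical": 1, "high": 2, "medium": 3}
# Constructed sample payload, as the firewall would send it under those assumptions.
SAMPLE_BODY = (
    '{"src": "192.0.2.10", "dst": "198.51.100.7", "rule": "outbound-web", '
    '"severity": "High", "threat_name": "constructed-sample-threat"}'
)


def handle_forwarded_log(headers, body):
    """Validate one forwarded log request; return (http_status, ticket_or_None)."""
    token = headers.get(AUTH_HEADER, "")
    # Constant-time comparison so the token cannot be recovered by timing.
    if not hmac.compare_digest(token.encode(), SHARED_TOKEN.encode()):
        return 401, None
    try:
        log = json.loads(body)
    except ValueError:  # malformed JSON or undecodable bytes
        return 400, None
    if not isinstance(log, dict) or any(
        not isinstance(log.get(k), str) or not log[k] for k in REQUIRED_KEYS
    ):
        return 400, None
    severity = log["severity"].lower()
    if severity not in URGENCY:
        # Accepted, but below the ticketing threshold: no ticket is opened.
        return 204, None
    ticket = {
        "short_description": f"Firewall {severity} event: {log['threat_name']}"[:160],
        "urgency": URGENCY[severity],
        "description": f"src={log['src']} dst={log['dst']} rule={log['rule']}",
    }
    return 201, ticket


if __name__ == "__main__":
    print(handle_forwarded_log({AUTH_HEADER: SHARED_TOKEN}, SAMPLE_BODY))
    print(handle_forwarded_log({AUTH_HEADER: "wrong"}, SAMPLE_BODY))
```

Rejecting unauthenticated or malformed requests before any ticket is built keeps the endpoint from being used to flood the ticketing system with forged events.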