WatchGuard Technologies SIEM Feeder

Enriches and forwards endpoint telemetry to SIEMs

Average rating

This score was calculated by AI based on publicly available information.
4.4 / 5

About this software

WatchGuard SIEMFeeder collects endpoint process and threat events from WatchGuard EDR and EPDR products, enriches them with threat intelligence, and stages the data in Microsoft Azure for retrieval. An Event Importer component downloads generated log files and forwards them to local files, Apache Kafka queues, or syslog collectors for ingestion by a customer SIEM. Logs are exported in LEEF by default, with CEF available on request.

Purchase

WatchGuard Technologies SIEM Feeder

In Stock
Delivery: 1 working day
€0.62
Free and without obligation

Do you need more information, or are you looking for another license?

Benefits

  • Centralized endpoint telemetry: Delivers enriched endpoint event data to a single SIEM feed
  • Security context enrichment: Adds WatchGuard threat intelligence to raw endpoint events before export
  • Multiple delivery channels: Supports file, Apache Kafka, and syslog delivery channels for log export
  • Standard SIEM formats: Outputs logs in LEEF by default and optionally CEF for SIEMs
  • Integration prerequisites: Works with WatchGuard EDR, EPDR, and Advanced EPDR endpoint products

Available languages

  • English
  • Español
  • Français
  • Deutsch
  • 日本語

Support information

  • Documentation: Complete online product documentation and configuration guides are available on the WatchGuard Help Center
  • Software downloads: Event Importer install packages are available from the WatchGuard software downloads page
  • Integration guides: Integration documentation for Splunk and other SIEMs is available in WatchGuard integration guides
  • Community forum: WatchGuard Community forums host discussions and official posts about SIEMFeeder usage and troubleshooting
  • Support portal: Access technical resources and submit support cases through the WatchGuard Support portal

Frequently asked questions

What does SIEMFeeder do?
SIEMFeeder collects endpoint process and threat events, enriches them with WatchGuard security intelligence, and provides a single export stream for download and ingestion by a customer's SIEM platform.

Which WatchGuard products support SIEMFeeder?
WatchGuard EDR, WatchGuard EPDR, and WatchGuard Advanced EPDR support SIEMFeeder according to WatchGuard product documentation.

In what formats are logs exported?
Logs are exported in Log Event Extended Format (LEEF) by default; Common Event Format (CEF) is available on request from WatchGuard.

How are logs delivered to a SIEM server?
WatchGuard places enriched logs in Azure. Event Importer downloads them and delivers them to a SIEM server through local files, Apache Kafka queues, or syslog channels.

How long does WatchGuard retain generated logs in cloud storage?
The Microsoft Azure platform retains undelivered generated logs for up to seven days and up to 80 GB per customer, per WatchGuard documentation.