SIEMFeeder Requirements

Applies To: WatchGuard SIEMFeeder This topic applies to the WatchGuard endpoint security module, SIEMFeeder. SIEMFeeder is available with WatchGuard EPDR and WatchGuard EDR.

To use the WatchGuard SIEMFeeder service, make sure your environment meets these requirements.

• Your environment has a network of computers protected by WatchGuard EDR, WatchGuard EPDR, or WatchGuard Advanced EPDR.
• You have as many active licenses for the SIEMFeeder service as you do for WatchGuard EDR, WatchGuard EPDR, or WatchGuard Advanced EPDR.
• Your environment has a computer with Event Importer installed on it.
  For more information, go to Configure and Run Event Importer.
  
• Your environment has Firewall rules that allow for the Event Importer computer to download log files from the Microsoft Azure infrastructure.
• (Optional) Proxy server settings are valid. If you use a proxy server with Event Importer, it must use WebSockets to enable access. The use of the system proxy for SIEMFeeder communication is not supported.
  For more information, go to Configure and Run Event Importer
• Your environment has enough bandwidth to receive the Event Importer data. Event Importer generates an average of 500 KB of compressed data and creates a GZIP file from the data. The bandwidth that Event Importer must have, depends on the number of user computers that SIEMFeeder monitors and the maximum of the configurable allowable delay.

Related Topics

About SIEMFeeder

About SIEM Servers

Event Importer Requirements