Applies To: WatchGuard SIEMFeeder
To use the WatchGuard SIEMFeeder service, make sure your environment meets these requirements.
- Your environment has a network of computers protected by WatchGuard EDR or WatchGuard EPDR.
- You have as many active licenses for the SIEMFeeder service as you do for WatchGuard EDR or WatchGuard EPDR.
- Your environment has a computer with Event Importer installed on it.
For more information, see Configure and Run Event Importer.
- Your environment has Firewall rules that allow for the Event Importer computer to download log files from the Microsoft Azure infrastructure.
- (Optional) Proxy server settings are valid. If you use a proxy server with Event Importer, it must use WebSockets to enable access.
For more information, see Configure and Run Event Importer
- Your environment has enough bandwidth to receive the Event Importer data. Event Importer generates an average of 500 KB of compressed data and creates a GZIP file from the data. The bandwidth that Event Importer must have, depends on the number of user computers that SIEMFeeder monitors and the maximum of the configurable allowable delay.