SIEMFeeder Requirements

Applies To: WatchGuard SIEMFeeder

To use the WatchGuard SIEMFeeder service, make sure your environment meets these requirements.

  • Your environment has a network of computers protected by WatchGuard EDR or WatchGuard EPDR.
  • You have as many active licenses for the SIEMFeeder service as you do for WatchGuard EDR or WatchGuard EPDR.
  • Your environment has a computer with Event Importer installed on it.
    For more information, see Configure and Run Event Importer.
  • Your environment has firewall rules that allow the Event Importer computer to download log files from the Microsoft Azure infrastructure.
  • (Optional) Proxy server settings are valid. If you use a proxy server with Event Importer, it must use WebSockets to enable access.
    For more information, see Configure and Run Event Importer.
  • Your environment has enough bandwidth to receive the Event Importer data. Event Importer generates an average of 500 KB of compressed data and creates a GZIP file from the data. The bandwidth that Event Importer requires depends on the number of user computers that SIEMFeeder monitors and on the maximum allowable delay, which is configurable.

See Also

About SIEMFeeder

About SIEM Servers

Event Importer Requirements