We are testing out Blumira and seriously considering adding it to our security stack. I believe Blumira is working on a firewall parser for pfSense (future integration) … however it is currently not available. Just curious if anyone is currently capturing pfSense logs into Blumira in a useful way?
So far, our testing shows the false positives to be very low which is fantastic. Reminds me of Huntress
I will bug them again about officially finishing the pfSense integration, I think it’s still their most requested one.
So like Tom said, there isn’t an official parser for it yet, but it is possible to get the logs in a generic format if you need to. You can reach out to Blumira and they can create a report that will essentially give you a timestamp and a “message” column, which will contain the entire string from pfSense. Not the best, but can be useful if you need to do some forensics.
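As an added example (not Blumira's or pfSense's own tooling, and not posted by anyone in this thread), here is a small Python script that takes a generic timestamp/message export like the report Frank describes, pulls the pfSense filterlog records out of the raw message strings, and tallies blocked flows by interface, protocol, destination and port. The column names `timestamp` and `message`, the filterlog field layout (pfSense's documented IPv4 layout as I understand it; IPv6 records are skipped) and every sample log line are assumptions or constructed for the example.

```python
"""Parse pfSense filterlog records out of a generic timestamp+message export
and summarise blocked traffic. Example code written for this thread; it is
not Blumira's or pfSense's own code."""
import csv
import io
from collections import Counter

# Field order of a pfSense filterlog record (assumption: the documented
# IPv4 layout; IPv6 records have a different layout and are skipped here).
COMMON_FIELDS = ["rule", "subrule", "anchor", "tracker", "interface", "reason",
                 "action", "direction", "ipversion"]
IPV4_FIELDS = ["tos", "ecn", "ttl", "id", "offset", "flags", "proto_id",
               "proto", "length", "src", "dst"]
TCP_FIELDS = ["srcport", "dstport", "datalen", "tcpflags", "seq", "ack",
              "window", "urg", "options"]
UDP_FIELDS = ["srcport", "dstport", "datalen"]

# Constructed sample export: two columns, message holds the whole syslog body.
SAMPLE_REPORT = """timestamp,message
2024-05-01T10:00:01Z,"May  1 10:00:01 fw filterlog[1234]: 5,,,1000000103,igb1,match,block,in,4,0x0,,64,0,0,DF,17,udp,338,10.0.0.1,10.0.0.255,67,68,318"
2024-05-01T10:00:02Z,"May  1 10:00:02 fw filterlog[1234]: 9,,,1000000110,igb0,match,block,in,4,0x0,,51,12345,0,none,6,tcp,60,198.51.100.7,203.0.113.5,54321,22,0,S,1234567890,,65535,,mss"
2024-05-01T10:00:03Z,"May  1 10:00:03 fw filterlog[1234]: 12,,,1000000120,igb1,match,pass,out,4,0x0,,64,0,0,DF,6,tcp,60,10.0.0.5,198.51.100.20,49152,443,0,S,1,,65535,,mss;nop"
2024-05-01T10:00:04Z,"May  1 10:00:04 fw check_reload_status[400]: Reloading filter"
"""


def load_report(text):
    """Read the export into a list of (timestamp, message) tuples."""
    reader = csv.DictReader(io.StringIO(text))
    return [(row["timestamp"], row["message"]) for row in reader]


def parse_filterlog(message):
    """Return a dict of named fields for an IPv4 filterlog record,
    or None if the message is not one (other daemons, IPv6, truncated)."""
    idx = message.find("filterlog")
    if idx < 0:
        return None
    body = message[idx:].split(": ", 1)
    if len(body) != 2:
        return None
    parts = body[1].split(",")
    if len(parts) < len(COMMON_FIELDS) + len(IPV4_FIELDS):
        return None
    rec = dict(zip(COMMON_FIELDS, parts))
    if rec["ipversion"] != "4":
        return None
    rest = parts[len(COMMON_FIELDS):]
    rec.update(zip(IPV4_FIELDS, rest))
    rest = rest[len(IPV4_FIELDS):]
    # Transport-layer fields depend on the protocol text field.
    proto = rec["proto"].lower()
    if proto == "tcp":
        rec.update(zip(TCP_FIELDS, rest))
    elif proto == "udp":
        rec.update(zip(UDP_FIELDS, rest))
    return rec


def blocked_summary(rows):
    """Count blocked flows keyed by (interface, proto, dst, dstport)."""
    counts = Counter()
    for _ts, msg in rows:
        rec = parse_filterlog(msg)
        if rec and rec["action"] == "block":
            key = (rec["interface"], rec["proto"], rec["dst"], rec.get("dstport", ""))
            counts[key] += 1
    return counts


if __name__ == "__main__":
    for key, n in blocked_summary(load_report(SAMPLE_REPORT)).most_common():
        print(n, *key)
```

Because the message column carries the unparsed string, anything the firewall logs (pass and block decisions, the rule tracker id, TCP flags) survives the export; the script only gives it names so a forensics question such as "which blocked destination ports are most common on igb0" becomes a one-line Counter lookup.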
Thanks Frank. We have also submitted an integration request for pfSense here:
(selecting the importance at the bottom)
Fingers crossed Blumira releases something soon.
I am curious if a pfSense integration would include Suricata and/or Snort log monitoring, i.e. through Detection Rules, or if something more would be required.
I’ve been wondering the same about Snort/Suricata, but figure I’ll take it one step at a time and not bombard them. I will say I’ve been extremely happy with their support the times I have reached out though.