ELS and Firewall Events


#1

Greetings all,

I’m wondering if there’s a manageable way to pull the logs of the firewall events. Currently, with ELS, I see the only way is to pull the logs hour by hour and throw away the normal logs. However, there is a “Firewall Events” section on the dashboard that shows all Blocks, Challenges, and Simulates. If I want to pull this data to incorporate it into another security tool, is there an endpoint for that?


#2

@jeremiah.faison I believe our dev team is working on a specific endpoint for WAF/ security related events. At the moment ELS is the way to do it (for better or for worse) but I anticipate in the not too distant future we will announce a new endpoint. Your SE may have more info… or may tell you @cscharff is smoking something.


#3

Yes please Access to Firewall Event logs via API? :slight_smile: