I’ve transitioned from network admin over to security and have slowly been working more with our Insight products, mainly IDR. Currently we have two Sonicwalls sending logs to IDR but from what I can tell, the dashboard cards are pretty dysfunctional. Specifically, “Denied Traffic by Port” and “…over Time” are always flat/no data. Basically IDR’s not able to read or make sense of the logs unless we do some manual work to parse them better. I can’t tell if support even wants to do that or not.
Essentially IDR is almost useless to me with regards to the firewall reporting. It’s frustrating.
That said, I’m also planning to get away from Sonicwall and move to PAN or FortiNet if I can convince management. I’m hoping IDR integrates with those systems a bit better.