We are pleased to announce the upcoming release of new out-of-the-box detections available for our SonicWall integration, effective Thursday, February 5. These detections improve visibility into proxy activity, firewall configuration changes, malware events and outbound traffic.
All detections are available out of the box and require no additional configuration within the Adlumin platform. Note, however, that some detections rely on specific SonicWall licenses to ensure the required logs and telemetry are available.
New Detections
| Detection | Category | Description | SonicWall License Required |
| --- | --- | --- | --- |
| Application Control – Remote Proxy Access | Evasion & Hidden Network Activity (T1090) | Detects the use of remote proxy applications identified through SonicWall Application Control. | Application Control – CGSS/AGSS |
| Anomalous Proxy Access Classification | Unusual or Suspicious Network Behavior (T1090 / T1071) | Identifies anomalous or suspicious proxy behavior using Application Control and IPS signatures. | Application Control / IPS |
| Firewall NAT Rule Modification | Unauthorized or Unexpected Configuration Changes (T1562.004) | Detects changes to firewall NAT rules using standard SonicWall firewall logs. | Base license |
| Anti-Spyware Detection Alert | Malware & Threat Detection (T1055 / T1218) | Generates alerts for anti-spyware events logged by the SonicWall device. | Anti-Spyware – GAV/IPS |
| Outbound FTP or SSH Traffic Detected | Potential Data Movement or Remote Access (T1048 / T1021) | Detects outbound FTP or SSH traffic. Application Control adds enhanced application-level classification. | Base license / Application Control |
For full details, please review the Adlumin Release Notes documentation.