Threat Sensors
Threat Sensors are the network devices and security solutions that send threat logs to NxtFireGuard for processing. Every log they forward is analyzed by the Threat Collector and used to build the IP Score database — which drives automated blocking decisions across your blocklists.
Supported Integrations
| Security Solution | Type | Log Transmission |
|---|---|---|
| PaloAlto-NGFW | Firewall | Direct HTTPS |
| Cisco-FTD (managed with FMC) | Firewall | via Feed Aggregator (Syslog) |
| Cisco-ISE | AAA Server | via Feed Aggregator (Syslog) |
| T-Pot | Honeypot | via Feed Aggregator (Logstash) |
| Generic | Any | Custom API integration |
For devices not listed above, the Generic integration allows you to forward logs from any source by building a custom connector.
Adding a Threat Sensor
Adding a sensor is a three-step process:
- Go to Threat Sensors under Data Ingestion in the sidebar and click + Add Sensor.
- Step 1: Name and Hostname: Enter a descriptive name for the sensor and the case-sensitive hostname of the device you are adding. The hostname must exactly match what appears in the logs sent by the device.
- Step 2: Sensor Type: Select the sensor type from the dropdown (Cisco-FTD, Cisco-ISE, PaloAlto-NGFW, T-Pot, or Generic).
- Step 3: Contribution Settings: Choose whether this sensor should contribute private signals, public signals, or both to the IP Score database. Private signals are limited to your own account, while public signals contribute to the community-wide threat intelligence pool.
- Click Create Threat Sensor.
Once created, open the sensor via Edit to access its Setup Instructions by clicking View Instructions. Follow the integration guide for your specific sensor type to complete the connection.
After the first log is received, the sensor will show as active in the overview with a last active timestamp and a 24-hour contribution count.
Managing Threat Sensors
Editing a sensor: click Edit on any sensor card to update its name, hostname, type, or contribution settings. The Edit panel also gives you access to View Instructions if you need to revisit the setup guide.
Deleting a sensor: click Delete Threat Sensor inside the Edit panel. This removes the sensor from NxtFireGuard entirely. Make sure you have disabled log forwarding on the device first, any logs that arrive without a matching sensor cannot be mapped and will not be processed.
Contribution settings are visible directly on each sensor card, showing whether the sensor is contributing private and/or public signals. These can be changed at any time via the Edit panel.
If you need help, reach out via the contact form.