Sophos Central

Version: Sophos Central SIEM integrator v2.1.0 and above

Sophos Central is a unified security management platform and a core element of Sophos's synchronized security strategy, which lets multiple Sophos security products work together with simpler management and stronger protection.

Netsurion Open XDR collects and manages the logs retrieved from Sophos Central. Its alerts, reports, dashboards, and saved searches are built around the important and critical activities captured in Sophos Central.

The following are the key assets included with this Data Source Integration.

Alerts

| Type | Name | Description |
| --- | --- | --- |
| Security | Sophos Central – PUA detected | Generated when a Potentially Unwanted Application (PUA) is detected. |
| Security | Sophos Central – Threat detected | Generated when a suspicious file is detected. |

Reports

| Type | Name | Description |
| --- | --- | --- |
| Security | Sophos Central – Web filter and application control events | Provides details about web and application control related events detected by Sophos Central. |
| Security | Sophos Central – PUA and threat events | Provides details about Potentially Unwanted Application (PUA) and malware related events detected by Sophos Central. |
| Security | Sophos Central – DLP events | Provides details on Data Loss Prevention (DLP) events detected by Sophos Central. |
| Operational | Sophos Central – Update and user events | Provides details about user and update related events detected by Sophos Central. |
| Operational | Sophos Central – Peripheral related events | Provides details about modification related events detected for peripherals by Sophos Central. |

Dashboards

| Type | Name | Description |
| --- | --- | --- |
| Security | Sophos Central – DLP events detected | Displays information related to Data Loss Prevention (DLP) events detected. |
| Security | Sophos Central – PUA and threat detected | Displays information related to threat events categorized as malware and PUA. |
| Operational | Sophos Central – Events overview | Displays an overview of the different types of events detected. |
| Operational | Sophos Central – Action taken by log severity | Displays event types grouped by their defined severity. |

Saved Searches

| Type | Name | Description |
| --- | --- | --- |
| Security | Sophos Central – DLP events | Provides details about Data Loss Prevention (DLP) related events detected by Sophos Central. |
| Security | Sophos Central – PUA and threat events | Provides details about Potentially Unwanted Application (PUA) and malware related events detected by Sophos Central. |
| Security | Sophos Central – Policy disabled | Provides details on policy modification events detected by Sophos Central. |
| Security | Sophos Central – Web filter and application control events | Provides details about web and application control related events detected by Sophos Central. |
| Security | Sophos Central – Windows firewall blocked | Provides details on Windows firewall blocked events detected by Sophos Central. |
| Operational | Sophos Central – Peripheral related events | Provides details about modification related events detected for peripherals by Sophos Central. |
| Operational | Sophos Central – Update and user events | Provides details about user and update related events detected by Sophos Central. |

Documentation

The configuration details apply to Netsurion Open XDR 9.3 and later, and to Sophos Central.

Download the Integration Guide for configuration instructions and more information.