Sophos Central
Version: Sophos Central SIEM integrator v2.1.0 and above
Sophos Central is a unified platform for security management and an element of Sophos synchronized security strategy to enable multiple security products to work together seamlessly with simpler management and better security.
Netsurion Open XDR manages logs retrieved from Sophos Central. The alerts, reports, dashboards, and saved searches in Netsurion Open XDR are enhanced by capturing important and critical activities in Sophos Central.
The following are the key assets included with this Data Source Integration.
Alerts
| Type | Name | Description |
|---|---|---|
| Security | Sophos Central – PUA detected | Generated when a Potentially Unwanted Application (PUA) is detected. |
| Security | Sophos Central – Threat detected | Generated when a suspicious file is detected. |
Reports
| Type | Name | Description |
|---|---|---|
| Security | Sophos Central – Web filter and application control events | Provides details about web and application control related events detected by Sophos Central. |
| Security | Sophos Central – PUA and threat events | Provides details about Potentially Unwanted Applications (PUA) and malware related events detected by Sophos Central. |
| Security | Sophos Central – DLP events | Provides details on Data Loss Prevention (DLP) events detected by Sophos Central. |
| Operational | Sophos Central – Update and user events | Provides details about user and update related events detected by Sophos Central. |
| Operational | Sophos Central – Peripheral related events | Provides details about modification related events detected for peripherals by Sophos Central. |
Dashboards
| Type | Name | Description |
|---|---|---|
| Security | Sophos Central – DLP events detected | Displays information related to Data Loss Prevention (DLP) events detected. |
| Security | Sophos Central – PUA and threat detected | Displays information related to threat events categorized as Malware and PUA. |
| Operational | Sophos Central – Events overview | Displays an overview on different type of events detected. |
| Operational | Sophos Central – Action taken by log severity | Displays event types as per severity defined. |
Saved Searches
| Type | Name | Description |
|---|---|---|
| Security | Sophos Central – DLP events | Provides details about Data Loss Protection (DLP) related events detected by Sophos Central |
| Security | Sophos Central – PUA and threat events | Provides details about Potentially Unwanted Application (PUA) and malware related events detected by Sophos Central. |
| Security | Sophos Central – Policy disabled | Provides details on policy modification events detected by Sophos Central. |
| Security | Sophos Central – Web filter and application control events | Provides details about web and application control related events detected by Sophos Central. |
| Security | Sophos Central – Windows firewall blocked | Provides details on Windows firewall blocked events detected by Sophos Central. |
| Operational | Sophos Central – Peripheral related events | Provides details about modification related events detected for peripherals by Sophos Central. |
| Operational | Sophos Central – Update and user events | Provides details about user and update related events detected by Sophos Central. |
Documentation
The configuration details are consistent with Netsurion Open XDR 9.3 and later, and Sophos Central.
Download the Integration Guide for configuration instructions and more information.