Sophos Email Appliance

Version: Sophos Email Appliance version 4.2.X.X and later.

Sophos Email Appliance is an appliance for filtering email. It provides tools for routing incoming and outgoing mail, configuring policies for email processing, monitoring mail flow, and allowing end-user access to a message quarantine.

Netsurion Open XDR helps to monitor events from Sophos Email Appliance. It’s knowledge object and flex reports will help you to analyse mail traffic, admin activities and to monitor policy or configuration changes.

Netsurion Data Source Integrations for Sophos Email Appliance allows you to monitor the following :-

• Security – Allowed,blocked or quarantine email traffic details and admin user login details.
• Operation – Configuration or policy change details.

Once Sophos Email Appliance is configured to deliver events to Netsurion Open XDR Manager; Dashboards, reports, knowledge object and categories can be configured into Netsurion Open XDR.

The following are the key Data Source Integration available in Netsurion Open XDR.

Reports

Type	Name	Description
Security	Sophos Email Appliance – Allowed email traffic details	This report gives information about the messages which were delivered(allowed) by the message policy rules.
Security	Sophos Email Appliance – Blocked or quarantine email traffic details	This report gives information about the messages which were discarded or quarantined by the message policy rules.
Security	Sophos Email Appliance – Admin user login details	This report gives information related to admin logon activity.
Operations	Sophos Email Appliance – Configuration changes	This report gives the information about configurations changed by the users.
Operations	Sophos Email Appliance – Policy Changes	This report gives the information about the message policies changed by the users.

Documentation

The configuration details are consistent with Netsurion Open XDR 8.x and later, Sophos Email Appliance.

Download Integration Guide for configuration instructions and more information