Sophos Firewall
Version: Sophos SG/UTM 9 or Sophos Firewall version 15.01.0 – 17.1.2.
Sophos Firewall is a network security device which helps organizations prevent threats and malicious activities.
Netsurion Open XDR helps to monitor events from Sophos Firewall. Its dashboard and reports help you monitor traffic, threats detected by IPS, web application filter activities and VPN activities in your organisation. Its real-time alerting capability helps your security teams act on IPS alerts, anomalous activities, configuration changes and logon failures, and generate reports on them for assessment.
Netsurion Open XDR built-in data source integration enables you to gather business intelligence providing increased security, performance, availability, and reliability of your systems.
Netsurion Data Source Integration for Sophos Firewall allows you to monitor the following components:
- Security – Firewall spam, virus, IPS detection and advanced threat protection, suspicious email traffic.
- Operation – Firewall admin and sandbox activities, firewall allowed/denied traffic and system health, configuration changes, FTP activities, WAF traffic.
- Compliance – Firewall logon success and failure, VPN login/logout and logon failures.
Once Sophos XG Firewall is configured to deliver events to Netsurion Open XDR Manager, alerts, dashboards and reports can be configured in Netsurion Open XDR.
The following are the key Data Source Integrations available in Netsurion Open XDR.
Alerts
Type | Name | Description |
---|---|---|
Security | Sophos Firewall – IPS Attacks Detected on System | This alert is generated when a threat is detected by the Sophos Firewall. |
Security | Sophos Firewall – Virus or Spam Detected on System | This alert is generated when any virus or spam is detected by the Sophos Firewall. |
Security | Sophos Firewall – Advance Threat Protection | This alert is generated when any vulnerability is detected in the traffic by the Sophos Firewall. |
Operations | Sophos Firewall – Firewall Configuration Changed | This alert is generated when any configuration change is made in Sophos Firewall. |
Compliance | Sophos Firewall – User Logon Failed | This alert is generated when any firewall login attempt fails. |
Compliance | Sophos Firewall – VPN User Logon Failed | This alert is generated when any VPN login attempt fails. |
Compliance | Sophos Firewall – VPN Login and Logout | This alert is generated when any VPN login and logout event is detected. |
Compliance | Sophos Firewall – User Login Activities | This alert is generated when any firewall login and logout activity is detected. |
Reports
Type | Name | Description |
---|---|---|
Security | Sophos Firewall – Security Policy Activity Report | This report provides information related to all the security policy events. |
Security | Sophos Firewall – Suspicious E-mail Activity Report | This report provides information related to all the email traffic. |
Security | Sophos Firewall – Content Filter Activity Report | This report provides information related to all the content filtering that is done by the Sophos Firewall. |
Security | Sophos Firewall – Spam Detected on System Report | This report provides information related to all the spam that is detected by the Sophos Firewall. |
Security | Sophos Firewall – Intrusion Detected on System Report | This report provides information related to all the IPS attacks that are detected by the Sophos Firewall. |
Security | Sophos Firewall – Virus Detected on System Report | This report provides information related to all the viruses that are detected by the Sophos Firewall. |
Security | Sophos Firewall – Advanced Threat Protection Management Report | This report provides information related to all the threats that are detected by the Sophos Firewall. |
Operations | Sophos Firewall – Administrative Activity Report | This report provides information related to all admin activities. |
Operations | Sophos Firewall – Traffic Accepted or Denied Report | This report provides information related to all the traffic that is allowed and denied by the Sophos Firewall. |
Operations | Sophos Firewall – WAF Traffic Accepted or Denied Report | This report provides information related to all the traffic that is allowed and denied by the Sophos Firewall. |
Operations | Sophos Firewall – Sandbox Activity Report | This report provides information related to all the sandbox activities. |
Operations | Sophos Firewall – System Health Status Report | This report provides information related to all the system health status. |
Operations | Sophos Firewall – Firewall Configuration Change Report | This report provides information related to configuration changes made in Sophos Firewall. |
Operations | Sophos Firewall – FTP File Blocked Report | This report provides information about FTP activities detected by Sophos Firewall. |
Operations | Sophos Firewall – VPN Connection Status Report | This report provides information about VPN activities detected. |
Compliance | Sophos Firewall – Administrator Logon or Logoff Report | This report provides information related to all the admin login and logout activity. |
Compliance | Sophos Firewall – User Authentication Success Report | This report provides information related to all the firewall login and logout activity. |
Compliance | Sophos Firewall – User Authentication Failed Report | This report provides information related to all the firewall login failures. |
Compliance | Sophos Firewall – VPN User Logon or Logoff Success Report | This report provides information related to all the VPN login and logout activity. |
Compliance | Sophos Firewall – VPN User Logon Failed Report | This report provides information related to all the VPN login failures. |
Documentation:
The configuration details are consistent with Netsurion Open XDR 9.2x and later, and Sophos Firewall.
Download the Integration Guide and How-to Guide for configuration instructions and more information.