Sophos Firewall

Version : Sophos SG/UTM 9 or Sophos Firewall version 15.01.0 - 17.1.2.

Sophos Firewall is a network security device which helps organizations prevent threats and malicious activities.

Netsurion helps to monitor events from Sophos Firewall. Its dashboard and reports will help you monitor traffic, threat detected by IPS, web application filter activities and VPN activities of your organisation. Its real time alerting capability helps your security teams to act on IPS alerts, anomalous activities, configuration changes, logon failures and generate reports for the same, for assessment.

Netsurion built-in data source integration enables you to gather business intelligence providing increased security, performance, availability, and reliability of your systems.

Netsurion Data Source Integration for Sophos Firewall allows you to monitor the following components:-

  • Security - Firewall spam, virus, IPS detection and advanced threat protection, suspicious e-mail traffic.
  • Operation - Firewall admin and sandbox activities, firewall allowed/denied traffic and system health, configuration changes, FTP activities, WAF traffic.
  • Compliance - Firewall logon success and failure, VPN login/logout and logon failures.

Once Sophos XG Firewall is configured to deliver events to Netsurion Manager; alerts, dashboards and reports can be configured into Netsurion.

Some of the Data Source Integrations available in Netsurion are listed below. For more information, please refer Integration Guide.

Alerts

Type Name Description
Security Sophos Firewall - IPS Attacks Detected on System This alert is generated when a threat is detected by the Sophos Firewall.
Security Sophos Firewall - Virus or Spam Detected on System This alert is generated when any virus or spam is detected by the Sophos Firewall.
Security Sophos Firewall - Advance Threat Protection This alert is generated when any vulnerability is detected in the traffic by the Sophos Firewall.
Operations Sophos Firewall - Firewall Configuration Changed This alert is generated when any configuration changes are done in Sophos Firewall.
Compliance Sophos Firewall - User Logon Failed This alert is generated when any firewall login failure is attempted.
Compliance Sophos Firewall - VPN User Logon Failed This alert is generated when any VPN login failure is attempted.
Compliance Sophos Firewall - VPN Login and Logout This alert is generated when any VPN login and logout event is detected.
Compliance Sophos Firewall - User Login Activities This alert is generated when any firewall login and logout activity is detected.

Reports

Type Name Description
Security Sophos Firewall - Security Policy Activity Report This report provides information related to all the security policy events.
Security Sophos Firewall - Suspicious E-mail Activity Report This report provides information related to all the email traffic.
Security Sophos Firewall - Content Filter Activity Report This report provides information related to all the content filtering that is done by the Sophos Firewall.
Security Sophos Firewall - Spam Detected on System Report This report provides information related to all the spam that is detected by the Sophos Firewall.
Security Sophos Firewall - Intrusion Detected on System Report This report provides information related to all the IPS attack that is detected by the Sophos Firewall.
Security Sophos Firewall - Virus Detected on System Report This report provides information related to all the virus that is detected by the Sophos Firewall.
Security Sophos Firewall - Advanced Threat Protection Management Report This report provides information related to all the threat that is detected by the Sophos Firewall.
Operations Sophos Firewall - Administrative Activity Report This report provides information related to all admin activities.
Operations Sophos Firewall - Traffic Accepted or Denied Report This report provides information related to all the traffic that is allowed and denied by the Sophos Firewall.
Operations Sophos Firewall - WAF Traffic Accepted or Denied Report This report provides information related to all the traffic that is allowed and denied by the Sophos Firewall.
Operations Sophos Firewall - Sandbox Activity Report This report provides information related to all the sandbox activities.
Operations Sophos Firewall - System Health Status Report This report provides information related to all the system health status.
Operations Sophos Firewall - Firewall Configuration Change Report This report provides information related to configuration changes done in Sophos Firewall.
Operations Sophos Firewall - FTP File Blocked Report This report provides information about FTP activities detected by Sophos Firewall.
Operations Sophos Firewall - VPN Connection Status Report This report provides information about VPN activities detected.
Compliance Sophos Firewall - Administrator Logon or Logoff Report This report provides information related to all the admin login and logout activity.
Compliance Sophos Firewall - User Authentication Success Report This report provides information related to all the firewall login and logout activity.
Compliance Sophos Firewall - User Authentication Failed Report This report provides information related to all the firewall login failures that is done.
Compliance Sophos Firewall - VPN User Logon or Logoff Success Report This report provides information related to all the VPN login and logout activity.
Compliance Sophos Firewall - VPN User Logon Failed Report This report provides information related to all the VPN login failures that is done.

Documentation:

The configuration details are consistent with Netsurion version 9.2x and later, and Sophos Firewall (Sophos SG/UTM 9 or Sophos Firewall version 15.01.0-17.1.2).

Download Integration Guide and How-to Guide for more information and to configuration instructions.

This site uses cookies to store information on your computer. Some are essential to make our site work; others help us improve the user experience. By using the site, you consent to the placement of these cookies. Read our Privacy Statement to learn more.

I Accept