Sophos Firewall

Version: Sophos SG/UTM 9, or Sophos Firewall version 15.01.0 – 17.1.2.

Sophos Firewall is a network security device which helps organizations prevent threats and malicious activities.

Netsurion Open XDR monitors events from Sophos Firewall. Its dashboards and reports help you monitor traffic, threats detected by IPS, web application filter activity and VPN activity across your organisation. Its real-time alerting lets your security teams act on IPS alerts, anomalous activity, configuration changes and logon failures, and generate reports on the same events for assessment.

Netsurion Open XDR built-in data source integration enables you to gather business intelligence providing increased security, performance, availability, and reliability of your systems.

Netsurion Data Source Integration for Sophos Firewall allows you to monitor the following components:

  • Security – firewall spam, virus and IPS detections, advanced threat protection, and suspicious email traffic.
  • Operations – firewall admin and sandbox activity, allowed/denied traffic, system health, configuration changes, FTP activity, and WAF traffic.
  • Compliance – firewall logon success and failure, and VPN login/logout and logon failures.

Once Sophos XG Firewall is configured to deliver events to Netsurion Open XDR Manager, the alerts, dashboards and reports below can be configured in Netsurion Open XDR.

The following are the key Data Source Integration components available in Netsurion Open XDR.

Alerts

| Type | Name | Description |
|---|---|---|
| Security | Sophos Firewall – IPS Attacks Detected on System | Generated when a threat is detected by the Sophos Firewall IPS. |
| Security | Sophos Firewall – Virus or Spam Detected on System | Generated when any virus or spam is detected by the Sophos Firewall. |
| Security | Sophos Firewall – Advance Threat Protection | Generated when advanced threat protection detects a threat in the traffic passing through the Sophos Firewall. |
| Operations | Sophos Firewall – Firewall Configuration Changed | Generated when any configuration change is made on the Sophos Firewall. |
| Compliance | Sophos Firewall – User Logon Failed | Generated on any failed firewall login attempt. |
| Compliance | Sophos Firewall – VPN User Logon Failed | Generated on any failed VPN login attempt. |
| Compliance | Sophos Firewall – VPN Login and Logout | Generated when any VPN login or logout event is detected. |
| Compliance | Sophos Firewall – User Login Activities | Generated when any firewall login or logout activity is detected. |

Reports

| Type | Name | Description |
|---|---|---|
| Security | Sophos Firewall – Security Policy Activity Report | Information on all security policy events. |
| Security | Sophos Firewall – Suspicious E-mail Activity Report | Information on all email traffic. |
| Security | Sophos Firewall – Content Filter Activity Report | Information on all content filtering performed by the Sophos Firewall. |
| Security | Sophos Firewall – Spam Detected on System Report | Information on all spam detected by the Sophos Firewall. |
| Security | Sophos Firewall – Intrusion Detected on System Report | Information on all IPS attacks detected by the Sophos Firewall. |
| Security | Sophos Firewall – Virus Detected on System Report | Information on all viruses detected by the Sophos Firewall. |
| Security | Sophos Firewall – Advanced Threat Protection Management Report | Information on all threats detected by the Sophos Firewall. |
| Operations | Sophos Firewall – Administrative Activity Report | Information on all admin activities. |
| Operations | Sophos Firewall – Traffic Accepted or Denied Report | Information on all traffic allowed and denied by the Sophos Firewall. |
| Operations | Sophos Firewall – WAF Traffic Accepted or Denied Report | Information on all WAF traffic allowed and denied by the Sophos Firewall. |
| Operations | Sophos Firewall – Sandbox Activity Report | Information on all sandbox activities. |
| Operations | Sophos Firewall – System Health Status Report | Information on all system health status events. |
| Operations | Sophos Firewall – Firewall Configuration Change Report | Information on configuration changes made on the Sophos Firewall. |
| Operations | Sophos Firewall – FTP File Blocked Report | Information on FTP activities detected by the Sophos Firewall. |
| Operations | Sophos Firewall – VPN Connection Status Report | Information on VPN activities detected. |
| Compliance | Sophos Firewall – Administrator Logon or Logoff Report | Information on all admin login and logout activity. |
| Compliance | Sophos Firewall – User Authentication Success Report | Information on all successful firewall login and logout activity. |
| Compliance | Sophos Firewall – User Authentication Failed Report | Information on all firewall login failures. |
| Compliance | Sophos Firewall – VPN User Logon or Logoff Success Report | Information on all successful VPN login and logout activity. |
| Compliance | Sophos Firewall – VPN User Logon Failed Report | Information on all VPN login failures. |

Documentation:

The configuration details apply to Netsurion Open XDR 9.2x and later, and to the Sophos Firewall versions listed above.

Download the Integration Guide and the How-to Guide for configuration instructions and more information.