Sophos Web Appliance

Version: Sophos Web Appliance

Sophos is a Web Security Application (web appliance), built to secure web gateway that makes web protection simple. It provides advanced protection from today’s sophisticated web malware and gives user full control over their employees online activities. User can easily create policies for individuals or groups while gaining important insights into user activity on their network

Netsurion Open XDR helps to monitor events from Sophos Web Appliance. Its dashboard, alerts and reports will help you track allowed and blocked traffic activities. It will trigger alert such as, Warned URL accessed by user or any URL with malicious category accessed.

Once Sophos Web Appliance is configured to deliver events to Netsurion Open XDR Manager; alerts, dashboards and reports can be configured into Netsurion Open XDR.

The following are the key Data Source Integration available in Netsurion Open XDR.

Alerts

Type Name Description
Security Sophos Web Appliance – URL with malicious category accessed This alert is triggered when a URL with criminal and hacking category is matched in Sophos Web Appliance.
Security Sophos Web Appliance – Spam URL found This alert is triggered when a potential spam URL is detected in Sophos Web Appliance.
Security Sophos Web Appliance – URL with spyware categories accessed This alert is triggered when a potential spyware is detected in Sophos Web Appliance.
Security Sophos Web Appliance – URL with phishing/fraud category accessed This alert is triggered when a potential phishing and fraud activity is detected in Sophos Web Appliance.
Security Sophos Web Appliance – Suspicious URL has been blocked This alert is triggered when a suspicious web traffic is detected in Sophos Web Appliance.
Security Sophos Web Appliance – Warned URL accessed by User This alert is triggered when a user decides to proceed with warned web traffic is detected in Sophos Web Appliance.

Reports

Type Name Description
Security Sophos Web Appliance – Blocked Activities This report gives information about all allowed activities detected in Sophos web appliance. Report contains user detail, source IP address, domain name, and other useful information.
Compliance Sophos Web Appliance – Allowed Activities This report gives information about all allowed activities detected in Sophos web appliance. Report contains user detail, source IP address, domain name, and other useful information.

Documentation

The configuration details are consistent with Netsurion Open XDR 9.3x and later, and Sophos Web Appliance.

Download Integration guide and How-to Guide for configuration instructions and more information.