Sophos Web Security Application

Version: Sophos Web Security Application

Sophos is a Web Security Application (WSA), built to secure web gateway that makes web protection simple. It provides advanced protection from today’s sophisticated web malware and gives user full control over their employee’s online activity. User can easily create policies for individuals or groups while gaining important insights into user activity on their network.

Netsurion Open XDR helps to monitor events from Sophos WSA. Its dashboard, alerts and reports will help you track allowed and blocked traffic activities. It will trigger alert such as, user decided to proceed with warned web traffic; or any ;suspicious and malicious web request found.

Once Sophos WSA is configured to deliver events to Netsurion Open XDR Manager; alerts, dashboards and reports can be configured into Netsurion Open XDR.

The following are the key Data Source Integration available in Netsurion Open XDR.

Alerts

Type Name Description
Security Sophos WSA – A Potential Criminal activity found This alert is triggered when a potential criminal activity is detected in Sophos WSA.
Security Sophos WSA – A potential hacking activity detected This alert is triggered when a potential hacking activity is detected in Sophos WSA.
Security Sophos WSA – A Potential Spam URL found This alert is triggered when a potential spam URL is detected in Sophos WSA.
Security Sophos WSA – A potential spyware detected This alert is triggered when a potential spyware is detected in Sophos WSA.
Security Sophos WSA – A Potential Phishing and Fraud activity detected This alert is triggered when a potential phishing and fraud activity is detected in Sophos WSA.
Security Sophos WSA – A suspicious web traffic has been blocked This alert is triggered when a suspicious web traffic is detected in Sophos WSA.
Security Sophos WSA – User decided to proceed with warned web traffic This alert is triggered when a user, decides to proceed with warned web traffic detected in Sophos WSA.

Reports

Type Name Description
Security Sophos WSA – Blocked Activities This report gives information about all allowed activities detected in Sophos WSA. Report contains user detail, source IP address, domain name, and other useful information.
Compliance Sophos WSA – Allowed Activities This report gives information about all allowed activities detected in Sophos WSA. Report contains user detail, source IP address, domain name, and other useful information.

Documentation

The configuration details are consistent with Netsurion Open XDR 9.3x and later, and Sophos WSA.

Download Integration Guide and How-to Guide for configuration instructions and more information.