Sophos Enterprise Console

Version: Sophos Enterprise Console 5.3.

Sophos Enterprise Console is a single, automated console that manages and updates Sophos security software on computers running Windows, Mac OS X, Linux and UNIX operating systems. It enables you to protect your network against viruses, Trojans, worms, spyware, malicious websites, and unknown threats, as well as adware and other potentially unwanted applications.

The Netsurion Open XDR integration utility transfers events from the Sophos database to the Netsurion Open XDR manager. Netsurion generates alerts when a threat is detected and when changes take place in the Enterprise Console. Netsurion Open XDR generates reports and dashboards for threats detected, changes in the Enterprise Console, application controls and web controls.

Netsurion Data Source Integration for Sophos Enterprise Console allows you to monitor the following components:

  • Operations – Tamper protection events.
  • Security – Threat detection, web and application control events, device and data control events.
  • Compliance – Audit Events.

Once Sophos Enterprise is configured to deliver events to Netsurion Open XDR Manager, alerts, dashboards and reports can be configured in Netsurion Open XDR.

The following are the key Data Source Integrations available in Netsurion Open XDR.

Alerts

| Type | Name | Description |
|------|------|-------------|
| Security | Sophos EC – Threat detected | This alert is generated when a threat is detected on a client system. |
| Compliance | Sophos EC – Configuration changes | This alert is generated when changes happen to a policy, group, computer, etc. in Sophos Enterprise Console. |

Reports

| Type | Name | Description |
|------|------|-------------|
| Security | Sophos EC – Application Control | This report provides information related to the application control module of Sophos Enterprise Console. It shows the clients that are trying to access applications that are allowed or blocked by the application policy. |
| Security | Sophos EC – Threat detected | This report provides information related to threats detected on systems. It shows the system on which a threat was detected and the details of the threat, such as the threat name, threat type, etc. |
| Security | Sophos EC – Firewall events | This report provides information related to firewall activity on client systems. It shows the allowed and blocked network activity of each client system. |
| Security | Sophos EC – Device control | This report provides information related to the device control module of Sophos Enterprise Console. It shows the devices that are being blocked or allowed by the device control policy. |
| Security | Sophos EC – Data control | This report provides information related to the DLP module of Sophos Enterprise Console. It shows the sensitive data that a user is trying to send to other unauthorized users using USB transfer, file transfer, email transfer, etc. |
| Security | Sophos EC – Web control | This report provides information related to the web control module of Sophos Enterprise Console. It shows the users who are trying to access websites that are allowed or blocked by the web filter and web control. |
| Operations | Sophos EC – Tamper protection | This report provides information related to devices on which the user is trying to make changes to the agent, such as Sophos Endpoint protection uninstallation or policy changes. |
| Compliance | Sophos EC – Audit events | This report provides information related to changes made in Sophos Enterprise Console, such as policies created, deleted and modified, computers added, groups added, etc. It shows the users who are trying to change the configuration of Sophos Enterprise Console. |

Documentation

The configuration details are consistent with Netsurion Open XDR 8.x and later, and Sophos Enterprise Console.

Download the Integration Guide for configuration instructions and more information.