Sophos Firewall

Applies To: Sophos SG/UTM 9 or Sophos Firewall version 15.01.0 - 17.1.2.

Overview

Sophos Firewall is a network security device which helps organizations prevent threats and malicious activities.

EventTracker helps to monitor events from Sophos Firewall. Its dashboard and reports will help you monitor traffic, threat detected by IPS, web application filter activities and VPN activities of your organisation. Its real time alerting capability helps your security teams to act on IPS alerts, anomalous activities, configuration changes, logon failures and generate reports for the same, for assessment.

EventTracker built-in knowledge pack enables you to gather business intelligence providing increased security, performance, availability, and reliability of your systems.

EventTracker Knowledge Pack for Sophos Firewall allows you to monitor the following components:-

• Security - Firewall spam, virus, IPS detection and advanced threat protection, suspicious e-mail traffic.
• Operation - Firewall admin and sandbox activities, firewall allowed/denied traffic and system health, configuration changes, FTP activities, WAF traffic.
• Compliance - Firewall logon success and failure, VPN login/logout and logon failures.

Previous Next

Once Sophos XG Firewall is configured to deliver events to EventTracker Manager; alerts, dashboards and reports can be configured into EventTracker.

Some of the Knowledge Packs available in EventTracker are listed below. For more information, please refer Integration Guide.

Scope

The configuration details are consistent with EventTracker version 9.2x and later, and Sophos Firewall (Sophos SG/UTM 9 or Sophos Firewall version 15.01.0-17.1.2).

Documentation:

To configure Sophos Firewall to send logs to EventTracker, refer to the How-to Guide.

For more information please refer to the Integration guide