Sophos Firewall

OverviewResources

Once Sophos XG Firewall is configured to deliver events to EventTracker Manager; alerts, dashboards and reports can be configured into EventTracker.

Some of the Knowledge Packs available in EventTracker are listed below. For more information, please refer Integration Guide.

Security

Alerts

Sophos Firewall - IPS Attacks Detected on System: This alert is generated when a threat is detected by the Sophos Firewall.
Sophos Firewall - Virus or Spam Detected on System: This alert is generated when any virus or spam is detected by the Sophos Firewall.
Sophos Firewall - Advance Threat Protection: This alert is generated when any vulnerability is detected in the traffic by the Sophos Firewall.

Reports

Sophos Firewall - Security Policy Activity Report: This report provides information related to all the security policy events.
Sophos Firewall- Suspicious E-mail Activity Report: This report provides information related to all the email traffic.
Sophos Firewall - Content Filter Activity Report: This report provides information related to all the content filtering that is done by the Sophos Firewall.
Sophos Firewall - Spam Detected on System Report: This report provides information related to all the spam that is detected by the Sophos Firewall.
Sophos Firewall - Intrusion Detected on System Report: This report provides information related to all the IPS attack that is detected by the Sophos Firewall.
Sophos Firewall - Virus Detected on System Report: This report provides information related to all the virus that is detected by the Sophos Firewall.
Sophos Firewall - Advanced Threat Protection Management Report: This report provides information related to all the threat that is detected by the Sophos Firewall.

Operations

Alerts

Sophos Firewall- Firewall Configuration Changed: This alert is generated when any configuration changes are done in Sophos Firewall.

Reports

Sophos Firewall - Administrative Activity Report: This report provides information related to all admin activities.
Sophos Firewall - Traffic Accepted or Denied Report: This report provides information related to all the traffic that is allowed and denied by the Sophos Firewall.
Sophos Firewall - WAF Traffic Accepted or Denied Report: This report provides information related to all the traffic that is allowed and denied by the Sophos Firewall.
Sophos Firewall - Sandbox Activity Report: This report provides information related to all the sandbox activities.
Sophos Firewall - System Health Status Report: This report provides information related to all the system health status.
Sophos Firewall - Firewall Configuration Change Report: This report provides information related to configuration changes done in Sophos Firewall.
Sophos Firewall - FTP File Blocked Report: This report provides information about FTP activities detected by Sophos Firewall.
Sophos Firewall - VPN Connection Status Report: This report provides information about VPN activities detected.

Compliance

Alerts

Sophos Firewall - User Logon Failed: This alert is generated when any firewall login failure is attempted.
Sophos Firewall - VPN User Logon Failed: This alert is generated when any VPN login failure is attempted.
Sophos Firewall - VPN Login and Logout: This alert is generated when any VPN login and logout event is detected.
Sophos Firewall - User Login Activities: This alert is generated when any firewall login and logout activity is detected.

Reports

Sophos Firewall - Administrator Logon or Logoff Report: This report provides information related to all the admin login and logout activity.
Sophos Firewall - User Authentication Success Report: This report provides information related to all the firewall login and logout activity.
Sophos Firewall - User Authentication Failed Report: This report provides information related to all the firewall login failures that is done.
Sophos Firewall - VPN User Logon or Logoff Success Report: This report provides information related to all the VPN login and logout activity.
Sophos Firewall - VPN User Logon Failed Report: This report provides information related to all the VPN login failures that is done.

Scope

The configuration details are consistent with EventTracker version 9.2x and later, and Sophos Firewall (Sophos SG/UTM 9 or Sophos Firewall version 15.01.0-17.1.2).

Documentation:

To configure Sophos Firewall to send logs to EventTracker, refer to the How-to Guide.

For more information please refer to the Integration guide