Version:

Sophos

Sophos normalizes Sophos events and enables you to analyze Sophos data. It includes the Syslog Collector based Sophos General log source template, which ensures consistency in collecting, processing and analyzing Sophos logs for precise security event analysis and reporting.

The Sophos dashboards and security reports let you analyze the normalized information. The dashboards visualize events related to threats, infected files, spam emails, peripheral devices, and the web. You can customize it to perform in-depth analysis by changing the data used in a search.

Logpoint triggers security alerts based on predetermined alert rules when identifying the Sophos firewall events. The automated alerts enable you to detect possible issues early and take corrective actions against them.

You can configure Sophos from Log Source Template or Devices. We recommend using log source template.

Supported Devices/Sources

  • Sophos Unified Threat Management (UTM) v8

  • Sophos UTM Web Application Firewall XG310

  • Sophos Endpoint Antivirus version 5.2.1 R2

  • Sophos XG Firewall v15.x

Sophos Components

  1. Compiled Normalizers

Modularized Compiled Normalizer:

Modularization separates a program’s functionality into independent, interchangeable modules. Each module contains everything necessary to executes only one aspect of the program’s functionality. With modularization it is easier to add and maintain smaller program components, understand the purpose of each module, and reuse and refactor them. The modularized compiled normalizer SophosCompiledNormlaizer includes the modules like SophosCentralCompiledNormalizer, SophosCentralCEFCompiledNormalizer and SophosEndPointCompiledNormalizer that are capable of carrying out task(s) independently and work as basic constructs for the SophosCompiledNormlaizer.

  1. Dashboards

    • LP_Sophos Central

    • LP_Sophos UTM Overview

    • LP_Sophos UTM Safeguarding

    • LP_Sophos UTM Secure Mail

    • LP_Sophos UTM Secure Net

    • LP_Sophos UTM Secure Web

    • LP_Sophos UTM System

    • LP_Sophos XG Firewall LP_Sophos

  2. Alerts

    • LP_Sophos XG Firewall - Outbound Attack Detected by IDP

    • LP_Sophos Central - Multiple Instances of Failed Update

    • LP_Sophos Central - User Application blocked

    • LP_Sophos Central - Multiple Host Affected by the same threat

    • LP_Sophos Central - Endpoint Policy Non Compliant

    • LP_Sophos Central - Real Time Protection Disabled

    • LP_Sophos Central - Same Domain Blocked for Multiple User

    • LP_Sophos Central - Multiple Peripheral Devices Allowed

    • LP_Sophos Central - Potential Threat Detected

    • LP_Sophos Central - User Browsing Blocked Sites

    • LP_Sophos XG Firewall - Detected Malware Infected Mail

    • LP_Sophos XG Firewall - Excess Amount of IP Spoof Denied

    • LP_Sophos Central - Host is Out of Date

    • LP_Sophos Central - Same Application Blocked for Multiple User

    • LP_Sophos XG Firewall - Inbound Attack Detected by IDP

    • LP_Sophos Central - User Browsing Multiple Blocked Sites

    • LP_Sophos XG Firewall - Spam Mail Detected and Accepted

    • LP_Sophos Central - User Accessing Multiple Blocked Application

    • LP_Sophos Central - Multiple Threat Affected Host

  3. Report Packages

    • LP_Sophos UTM Safeguarding

    • LP_Sophos XG Firewall

  4. Normalization Packages

    • LP_Sophos E-mail Appliance

    • LP_Sophos Web Appliance

    • LP_Sophos UTM Process

    • LP_Sophos Generic

  5. Knowledge Base (KB) Lists

    • CONCERNED_CONTENT

    • EXTREMIST_CONTENT

    • CRIMINAL_CONTENT

    • VULNERABLE_CONTENT

  6. Label Packages

    • LP_Sophos Central

    • LP_Sophos Endpoint Antivirus

    • LP_Sophos UTM

Helpful?

We are glad this guide helped.


Please don't include any personal information in your comment

Contact Support