Configuring Sophos

Adding a Normalization Policy for Sophos

  1. Go to Settings >> Configuration >> Normalization Policies.

  2. At the top left, click Add.

  3. Enter a Policy Name.

  4. In Compiled Normalizers, select Sophos.

  5. In Normalization Packages, select Sophos.

  6. Click Submit.

Figure: Adding a Normalization Policy

Adding Sophos as a Device in LogPoint

  1. Go to Settings >> Configuration >> Devices.

  2. At the top left, click Add.

Figure: Creating Sophos as a Device

  3. Enter a device Name.

  4. Enter the IP address(es) of the Sophos server.

  5. Select the Device Groups.

  6. Select an appropriate Log Collection Policy for the logs.

  7. Select a collector or a forwarder in the Distributed Collector drop-down menu.

Note

Selecting the Device Groups, the Log Collection Policy, and the Distributed Collector is optional.

  8. Select a Time Zone.

Note

The time zone of the device must be the same as that of its log source.

  9. Configure the Risk Values for Confidentiality, Integrity, and Availability used to calculate the risk levels of the alerts generated from the device.

  10. Click Submit.
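
The time zone note above matters because RFC 3164 syslog timestamps carry neither a zone nor a year, so the offset applied to them comes from configuration. The following is an added example, not LogPoint or Sophos code: the sample line, the function names and the 5-minute tolerance are assumptions, and it only illustrates how a mismatched offset shows up as a skew between event time and receive time.

```python
from datetime import datetime, timedelta, timezone

# Constructed RFC 3164-style line for illustration; not real Sophos output.
SAMPLE_LINE = "<134>Mar 14 09:30:00 sophos-gw example: constructed test event"


def parse_event_time(line, device_utc_offset_hours, year):
    """Parse the zone-less header timestamp and apply the configured offset."""
    header = line.split(">", 1)[1]      # drop the <PRI> field
    stamp = header[:15]                 # "Mmm dd hh:mm:ss"
    naive = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
    device_tz = timezone(timedelta(hours=device_utc_offset_hours))
    return naive.replace(tzinfo=device_tz).astimezone(timezone.utc)


def timezone_skew_hours(line, device_utc_offset_hours, received_utc,
                        tolerance_s=300):
    """Classify the gap between receive time and parsed event time.

    Returns 0.0 when the two agree within the tolerance, a signed number
    of hours when the gap sits on a 15-minute boundary (the shape of a
    time zone mismatch), or None when the gap has some other cause.
    The year is taken from the receive time, so lines straddling
    New Year are out of scope for this sketch.
    """
    event_utc = parse_event_time(line, device_utc_offset_hours,
                                 received_utc.year)
    delta = (received_utc - event_utc).total_seconds()
    if abs(delta) <= tolerance_s:
        return 0.0
    quarters = round(delta / 900)       # UTC offsets are multiples of 15 min
    if abs(delta - quarters * 900) <= tolerance_s:
        return quarters / 4
    return None


if __name__ == "__main__":
    # Constructed scenario: the source runs at UTC+2 and the line arrived
    # two seconds after it was written.
    received = datetime(2024, 3, 14, 7, 30, 2, tzinfo=timezone.utc)
    for offset in (2, 0):
        skew = timezone_skew_hours(SAMPLE_LINE, offset, received)
        print(f"device offset UTC{offset:+d}: skew = {skew} h")
```

A negative result means events appear to come from the future, which is the usual symptom when the device entry is left at UTC while the source logs in a zone ahead of UTC.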

Configuring the Syslog Collector for Sophos

  1. Click the Add icon from Actions.

  2. Click Syslog Collector on AVAILABLE COLLECTORS FETCHERS.

Figure: Available Collectors and Fetchers

  3. Select the Syslog Parser.

Figure: Configuring the Syslog Collector

  4. Select the Processing Policy which contains the normalization policy you added previously.

  5. Select the Charset.

  6. In PROXY SERVER, select None.

  7. Click Submit.

