Version:

Sophos

Sophos allows you to monitor and identify threats in your organization using Sophos data. LogPoint aggregates and normalizes Sophos logs so you can analyze the information through dashboards and security reports. Sophos dashboards allow you to visualize events related to threats, infected files, spam email, peripheral devices, and the web. Furthermore, when LogPoint identifies the Sophos firewall events, it triggers security alerts based on predetermined rules. The automated alerts enable you to detect possible issues early and take corrective actions against them.

Sophos consists of the following components:

  1. Dashboards

    • LP_Sophos Central

    • LP_Sophos UTM Overview

    • LP_Sophos UTM Safeguarding

    • LP_Sophos UTM Secure Mail

    • LP_Sophos UTM Secure Net

    • LP_Sophos UTM Secure Web

    • LP_Sophos UTM System

    • LP_Sophos XG Firewall LP_Sophos

  2. Alerts

    • LP_Sophos XG Firewall - Outbound Attack Detected by IDP

    • LP_Sophos Central - Multiple Instances of Failed Update

    • LP_Sophos Central - User Application blocked

    • LP_Sophos Central - Multiple Host Affected by the same threat

    • LP_Sophos Central - Endpoint Policy Non Compliant

    • LP_Sophos Central - Real Time Protection Disabled

    • LP_Sophos Central - Same Domain Blocked for Multiple User

    • LP_Sophos Central - Multiple Peripheral Devices Allowed

    • LP_Sophos Central - Potential Threat Detected

    • LP_Sophos Central - User Browsing Blocked Sites

    • LP_Sophos XG Firewall - Detected Malware Infected Mail

    • LP_Sophos XG Firewall - Excess Amount of IP Spoof Denied

    • LP_Sophos Central - Host is Out of Date

    • LP_Sophos Central - Same Application Blocked for Multiple User

    • LP_Sophos XG Firewall - Inbound Attack Detected by IDP

    • LP_Sophos Central - User Browsing Multiple Blocked Sites

    • LP_Sophos XG Firewall - Spam Mail Detected and Accepted

    • LP_Sophos Central - User Accessing Multiple Blocked Application

    • LP_Sophos Central - Multiple Threat Affected Host

  3. Report Packages

    • LP_Sophos UTM Safeguarding

    • LP_Sophos XG Firewall

  4. Normalization Packages

    • LP_Sophos E-mail Appliance

    • LP_Sophos Web Appliance

    • LP_Sophos UTM Process

    • LP_Sophos Generic

  5. Knowledge Base (KB) Lists

    • CONCERNED_CONTENT

    • EXTREMIST_CONTENT

    • CRIMINAL_CONTENT

    • VULNERABLE_CONTENT

  6. Label Packages

    • LP_Sophos Central

    • LP_Sophos Endpoint Antivirus

    • LP_Sophos UTM

  7. Compiled Normalizers

    • SophosCentralCompiledNormalizer

    • SophosCentralCEFCompiledNormalizer

    • SophosEndPointCompiledNormalizer

    • SophosEnterpriseConsoleServerCompiledNormalizer

    • SophosUTMCompiledNormalizer

    • SophosXGFirewallCompiledNormalizer

Helpful?

We are glad this guide helped.


Please don't include any personal information in your comment

Contact Support