Sophos allows you to monitor and identify threats in your organization using Sophos data. Logpoint aggregates and normalizes Sophos logs so you can analyze the information through dashboards and security reports. Sophos dashboards allow you to visualize events related to threats, infected files, spam email, peripheral devices and the web.
When Logpoint identifies the Sophos firewall events, it triggers security alerts based on predetermined rules. The automated alerts enable you to detect possible issues early and take corrective actions against them.
Supported Devices/Sources
Sophos Unified Threat Management (UTM) v8
Sophos UTM Web Application Firewall XG310
Sophos Endpoint Antivirus version 5.2.1 R2
Sophos XG Firewall v15.x
Sophos Components
Compiled Normalizers
Modularized Compiled Normalizer:
Modularization separates a program’s functionality into independent, interchangeable modules. Each module contains everything necessary to executes only one aspect of the program’s functionality. With modularization it is easier to add and maintain smaller program components, understand the purpose of each module, and reuse and refactor them. The modularized compiled normalizer SophosCompiledNormlaizer includes the modules like SophosCentralCompiledNormalizer, SophosCentralCEFCompiledNormalizer and SophosEndPointCompiledNormalizer that are capable of carrying out task(s) independently and work as basic constructs for the SophosCompiledNormlaizer.
Non-modularized Compiled Normalizer:
Non-modularization means no modules are integrated into the program. The non-modularized Barracuda compiled normalizers like SophosEnterpriseConsoleServerCompiledNormalizer and SophosUTMCompiledNormalizer are independent and normalize specific logs such as SophosXGFirewall, SophosEnterpriseConsoleServer and SophosCentralCEF.
Following are the non-modularized compiled normalizers included in Sophos:
SophosCentralCompiledNormalizer
SophosCentralCEFCompiledNormalizer
SophosEndPointCompiledNormalizer
SophosEnterpriseConsoleServerCompiledNormalizer
SophosUTMCompiledNormalizer
SophosXGFirewallCompiledNormalizer
Dashboards
LP_Sophos Central
LP_Sophos UTM Overview
LP_Sophos UTM Safeguarding
LP_Sophos UTM Secure Mail
LP_Sophos UTM Secure Net
LP_Sophos UTM Secure Web
LP_Sophos UTM System
LP_Sophos XG Firewall LP_Sophos
Alerts
LP_Sophos XG Firewall - Outbound Attack Detected by IDP
LP_Sophos Central - Multiple Instances of Failed Update
LP_Sophos Central - User Application blocked
LP_Sophos Central - Multiple Host Affected by the same threat
LP_Sophos Central - Endpoint Policy Non Compliant
LP_Sophos Central - Real Time Protection Disabled
LP_Sophos Central - Same Domain Blocked for Multiple User
LP_Sophos Central - Multiple Peripheral Devices Allowed
LP_Sophos Central - Potential Threat Detected
LP_Sophos Central - User Browsing Blocked Sites
LP_Sophos XG Firewall - Detected Malware Infected Mail
LP_Sophos XG Firewall - Excess Amount of IP Spoof Denied
LP_Sophos Central - Host is Out of Date
LP_Sophos Central - Same Application Blocked for Multiple User
LP_Sophos XG Firewall - Inbound Attack Detected by IDP
LP_Sophos Central - User Browsing Multiple Blocked Sites
LP_Sophos XG Firewall - Spam Mail Detected and Accepted
LP_Sophos Central - User Accessing Multiple Blocked Application
LP_Sophos Central - Multiple Threat Affected Host
Report Packages
LP_Sophos UTM Safeguarding
LP_Sophos XG Firewall
Normalization Packages
LP_Sophos E-mail Appliance
LP_Sophos Web Appliance
LP_Sophos UTM Process
LP_Sophos Generic
Knowledge Base (KB) Lists
CONCERNED_CONTENT
EXTREMIST_CONTENT
CRIMINAL_CONTENT
VULNERABLE_CONTENT
Label Packages
LP_Sophos Central
LP_Sophos Endpoint Antivirus
LP_Sophos UTM