
How does Sophos update its own cyber threat information?

Hi, 

I am completing a security questionnaire for a potential client. 

One of the questions asks to provide evidence of the sharing of cyber threat information and how it is integrated into tools that our organization uses. 

Example technologies or guidance for this question include STIX, Alienvault, and Cyber Threat Alliance, the last of which Sophos is a member. 

I have searched the website and documentation but cannot come up with any concrete information that details how Sophos sources or updates the intel that they use to update their lists of known-bad IPs, exe files, etc. 

Can someone please point me in the direction of some documentation that would support this? Or is that private information? 

Thanks



  • Hi There,

    Thank you for reaching out to us. Allow us to check on this and we'll get back to you.

    Glenn Archie Señas (GlennSen)
    Global Community Support Engineer

  • The request is a bit vague about what it's looking for, but here are a few resources that might help:

    • This page provides information about pre-built integrations and the APIs that allow for custom integration with other solutions.
    • Here's a sample script for exporting event/alert info from Sophos Central into a SIEM, such as AlienVault.
    • As you mentioned, we're included on the list of members of the Cyber Threat Alliance (in which we are an active sharer and consumer of threat intel).

    We also consume threat intel from a wide variety of sources, including other alliances, commercial data feeds, our own crawlers and threat research, etc.

    Hope this helps!