How does Sophos update its own cyber threat information?

Question

Hi, I am completing a security questionnaire for a potential client. 
 One of the questions asks to provide evidence of the sharing of cyber threat information and how it is integrated into tools that our organization uses. 
 Example technologies or guidance for this question include STIX, Alienvault, and Cyber Threat Alliance, the last of which Sophos is a member. 
 I have searched the website and documentation but cannot come up with any concrete information that details how Sophos sources or updates the intel that they use to update their lists of known bad IPs, exe files etc. 
 Can someone please point me in the direction of some documentation that would support this? Or is that private information? Thanks

Maxim-Sophos · Answer

The request is a bit vague about what it's looking for, but here are a few resources that might help: 
 
 This page provides information about pre-built integrations and the APIs that allow for custom integration with other solutions. 
 Here's a sample script for exporting event/alert info from Sophos Central into a SIEM, such as AlienVault. 
 As you mentioned, we're included on the list of members of the Cyber Threat Alliance (in which we are an active sharer and consumer of threat intel). 
 
 We also consume threat intel from a wide variety of sources, including other alliances, commercial data feeds, our own crawlers and threat research, etc. 
 Hope this helps!

How does Sophos update its own cyber threat information?

Top Replies