We have extended the capabilities in the MDR Integrations EAP to add a variety of 3rd party integrations.
We ask that you configure all those that are relevant to your infrastructure.
During the EAP, data from 3rd party integrations will be stored in the US region and will not be restricted to your deployment region.
I have included a brief 6-minute video showing some of the integrations, how to set them up, and how to get access to any necessary configuration guides.
Sophos XDR: MDR 3rd Party Integrations Support and Overview
The following 3rd party integrations are expected to be included in the Early Access program. If you do not see a security product that you would like us to add support for, please comment below or email us directly so we can add it to a prioritized list: MDREarlyAccessProgram@sophos.com
The Sophos NDR sensor identifies threats based on network traffic analysis and alerts Central on all detections and reports generated.
Anomaly detection alerts
Microsoft - Office 365 Management Activity
Office 365 Management Activity includes information about user, admin, system, and policy actions and events from Office 365 and Azure AD activity logs.
Microsoft - Graph Security API
Adds security alerts from Microsoft and Microsoft partner products to the Sophos Data Lake.
Sophos XDR Endpoint and Server
Activity and detections from Sophos XDR protected endpoints and from Sophos XDR only endpoints.
Blackberry - CylanceOPTICS
Identifies potential unknown malware, file-less attacks, and zero-day payload execution.
Malwarebytes - Endpoint Protection
See threat-related events from Malwarebytes Nebula, a cloud-hosted security platform that protects endpoints and resources, in the Sophos Data Lake.
SentinelOne - Singularity Endpoint
SentinelOne detects threats to endpoints.
Broadcom - Symantec Endpoint Security
Send Symantec Endpoint Security data on vulnerabilities and attacks to the Sophos Data Lake.
Trend Micro - Apex Central
Adds notifications from Trend Micro Apex Central, a centralized management console for Trend Micro security products, to the Sophos Data Lake.
Mimecast - Email Security Cloud Gateway
Detects threats that target email, including phishing, ransomware, and brand impersonation.
Proofpoint - Targeted Attack Protection
Detects threats that target email, social media, and mobiles.
Fortinet - FortiAnalyzer
Adds security alerts from FortiAnalyzer to the Sophos Data Lake.
Fortinet - FortiGate
Sends FortiGate firewall alerts about web-based network threats to the Sophos Data Lake.
Cisco - Firepower
Adds alerts from Cisco Firepower firewalls to the Sophos Data Lake.
Cisco - Meraki
Provides data from Cisco Meraki secure network devices to the Sophos Data Lake.
Palo Alto Networks - PAN-OS
Sends alerts from Palo Alto PAN-OS and Panorama network security products to the Sophos Data Lake.
Sonicwall - SonicOS
Adds event messages from SonicWall security appliances to the Sophos Data Lake.
Check Point - Quantum Cyber Security Platform
Reports security issues in data on an enterprise’s cloud, network, or mobiles.
Cisco - Duo
Provides data on authentication attempts by users.
Adds alerts on authentication attempts by users to the Sophos Data Lake.
ManageEngine - ADAudit Plus
Adds audit data regarding file permission changes, sign-in activity, and other security-related activities.
Adds alerts from Darktrace’s infrastructure monitoring tools to the Sophos Data Lake.
Skyhigh Security - Secure Web Gateway
Sends access log information from Skyhigh Security Secure Web Gateway (SWG) to the Sophos Data Lake.
Thinkst - Canary
Adds alerts from Thinkst Canary, a deception technology that generates alerts on suspect access, to the Sophos Data Lake.
Public cloud security
AWS - Security Hub
Adds alerts from AWS Security Hub to the Sophos Data Lake.
AWS - CloudTrail
Adds alerts from AWS CloudTrail logs to the Sophos Data Lake.
See vulnerabilities, malware, misconfigurations, and critical risks in cloud-based apps in the Sophos Data Lake.
I will be posting more tonight. Hopefully by Monday AM you have plenty to read and review. We expect the integrations to be available in the Central Console on Oct 11th.
We are waiting for more information about Security Integrations.