Security Integrations (Coming soon)

We have extended the capabilities of the MDR Integrations EAP to add a variety of 3rd party integrations.

We ask that you configure all those that are relevant to your infrastructure.

During the EAP, data from 3rd party integrations will be stored in the US region and will not be restricted to your deployment region.

I have included a brief 6 min video showing some of the integrations, how to set them up, and how to get access to any necessary configuration guides.

Sophos XDR: MDR 3rd Party Integrations Support and Overview

The following 3rd party integrations are expected to be included in the Early Access program. If you do not see a security product that you would like us to add support for, please comment below or email us directly at MDREarlyAccessProgram@sophos.com so we can add it to a prioritized list.

| Category | Integration | Type | Description |
|---|---|---|---|
| Sophos XDR | Sophos NDR | Sensor | The Sophos NDR sensor identifies threats based on network traffic analysis and alerts Central on all detections and reports generated. |
| Sophos XDR | Sophos Optix | REST API | Anomaly detection alerts. |
| Sophos XDR | Microsoft - Office 365 Management Activity | REST API | Office 365 Management Activity includes information about user, admin, system, and policy actions and events from Office 365 and Azure AD activity logs. |
| Sophos XDR | Microsoft - Graph Security API | REST API | Adds security alerts from Microsoft and Microsoft partner products to the Sophos Data Lake. |
| Endpoint | Sophos XDR Endpoint and Server | Direct | Activity and detections from Sophos XDR protected endpoints and from Sophos XDR only endpoints. |
| Endpoint | BlackBerry - CylanceOPTICS | REST API | Identifies potential unknown malware, file-less attacks, and zero-day payload execution. |
| Endpoint | Malwarebytes - Endpoint Protection | Log Collector | See threat-related events from Malwarebytes Nebula, a cloud-hosted security platform that protects endpoints and resources, in the Sophos Data Lake. |
| Endpoint | SentinelOne - Singularity Endpoint | REST API | SentinelOne detects threats to endpoints. |
| Endpoint | Broadcom - Symantec Endpoint Security | REST API | Sends Symantec Endpoint Security data on vulnerabilities and attacks to the Sophos Data Lake. |
| Endpoint | Trend Micro - Apex Central | Log Collector | Adds notifications from Trend Micro Apex Central, a centralized management console for Trend Micro security products, to the Sophos Data Lake. |
| Email | Mimecast - Email Security Cloud Gateway | REST API | Detects threats that target email, including phishing, ransomware, and brand impersonation. |
| Email | Proofpoint - Targeted Attack Protection | REST API | Detects threats that target email, social media, and mobiles. |
| Firewall | Fortinet - FortiAnalyzer | REST API | Adds security alerts from FortiAnalyzer to the Sophos Data Lake. |
| Firewall | Fortinet - FortiGate | Log Collector | Sends FortiGate firewall alerts about web-based network threats to the Sophos Data Lake. |
| Firewall | Cisco - Firepower | Log Collector | Adds alerts from Cisco Firepower firewalls to the Sophos Data Lake. |
| Firewall | Cisco - Meraki | Log Collector | Provides data from Cisco Meraki secure network devices to the Sophos Data Lake. |
| Firewall | Palo Alto Networks - PAN-OS | Log Collector | Sends alerts from Palo Alto PAN-OS and Panorama network security products to the Sophos Data Lake. |
| Firewall | SonicWall - SonicOS | Log Collector | Adds event messages from SonicWall security appliances to the Sophos Data Lake. |
| Firewall | Check Point - Quantum Cyber Security Platform | Log Collector | Reports security issues in data on an enterprise's cloud, network, or mobiles. |
| Identity | Cisco - Duo | REST API | Provides data on authentication attempts by users. |
| Identity | Okta | REST API | Adds alerts on authentication attempts by users to the Sophos Data Lake. |
| Identity | ManageEngine - ADAudit Plus | Log Collector | Adds audit data regarding file permission changes, sign-in activity and other security-related activities. |
| Network | Darktrace | Log Collector | Adds alerts from Darktrace's infrastructure monitoring tools to the Sophos Data Lake. |
| Network | Skyhigh Security - Secure Web Gateway | Log Collector | Sends access log information from Skyhigh Security Secure Web Gateway (SWG) to the Sophos Data Lake. |
| Network | Thinkst - Canary | REST API | Adds alerts from Thinkst Canary, a deception technology that generates alerts on suspect access, to the Sophos Data Lake. |
| Public cloud security | AWS - Security Hub | REST API | Adds alerts from AWS Security Hub to the Sophos Data Lake. |
| Public cloud security | AWS - CloudTrail | REST API | Adds alerts from AWS CloudTrail logs to the Sophos Data Lake. |
| Public cloud security | Orca Security | REST API | See vulnerabilities, malware, misconfigurations, and critical risks in cloud-based apps in the Sophos Data Lake. |