Sophos MDR integrations are now GA, up to date documentation can be found at the following link: Integrations
Integrations from Sophos and 3rd party security providers are now included in the MDR Integrations EAP.
No purchase is required and the EAP is open to all MTR Standard and Advanced Accounts
I have included a brief 6 min video showing some of the integrations and how to set them up and get access to any necessary configuration guides.
MDR 3rd Party Integrations Support and Overview
The following 3rd party integrations are expected to be included in the Early Access program. if you do not see a security product that you would like us to add support for please comment below or email us directly so we can add it to a prioritized list.MDREarlyAccessProgram@sophos.com
The Sophos NDR sensor identifies threats based on network traffic analysis and alerts central on all detections and reports generated
Anomaly detection alerts
Microsoft - Office 365 Management Activity
Office 365 Management Activity includes information about user, admin, system, and policy actions and events from Office 365 and Azure AD activity logs.
Microsoft - Graph Security API
Adds security alerts from Microsoft and Microsoft partner products to the Sophos Data Lake.
Sophos XDR Endpoint and Server
Activty and detections from Sophos XDR protected endpoints and from Sophox XDR only endpoints
Blackberry – CylanceOPTICS
Identifies potential unknown malware, file-less attacks, and zero-day payload execution.
Malwarebytes - Endpoint Protection
See threat-related events from Malwarebytes Nebula, a cloud-hosted security platform that protects endpoints and resources, in the Sophos Data Lake.
SentinelOne - Singularity Endpoint
SentinelOne detects threats to endpoints.
Trend Micro - Apex Central
Adds notifications from Trend Micro Apex Central, a centralized management console for Trend Micro security products, to the Sophos Data Lake.
Mimecast - Email Security Cloud Gateway
Detects threats that target email, including phishing, ransomware, and brand impersonation.
Proofpoint - Targeted Attack Protection
Detects threats that target email, social media, and mobiles
Fortinet – FortiAnalyzer
Adds security alerts from FortiAnalyzer to the Sophos Data Lake.
Fortinet – Fortigate
Sends FortiGate firewall alerts about on web-based network threats to the Sophos Data Lake.
Cisco - Firepower
Adds alerts from Cisco Firepower firewalls to the Sophos Data Lake.
Cisco - Meraki
Provides data from Cisco Meraki secure network devices to the Sophos Data Lake.
Palo Alto Networks - PAN-OS
Sends alerts from Palo Alto PAN-OS and Panorama network security products to the Sophos Data Lake.
Sonicwall - SonicOS
Adds event messages from SonicWall security appliances to the Sophos Data Lake.
Check Point - Quantum Cyber Security Platform
Reports security issues in data on an enterprise’s cloud, network, or mobiles.
Cisco - Duo
Provides data on authentication attempts by users.
Adds alerts on authentication attempts by users to the Sophos Data Lake.
Manage Engine - ADAudit Plus
Adds audit data regarding file permissions changes, sign-in activity and other security-related activities.
Adds alerts from Darktrace’s infrastructure monitoring tools to the Sophos Data Lake.
Skyhigh Security - Secure Web Gateway
Sends access log information from Skyhigh Security Secure Web Gateway (SWG) to the Sophos Data Lake.
Thinkist - Canary
Add alerts from Thinkst Canary, a deception technology that generates alerts on suspect access, to the Sophos Data Lake.
AWS - Security Hub
Adds alerts from AWS Security Hub to the Sophos Data Lake.
AWS - Cloud Trail
Adds alerts from AWS CloudTrail logs to the Sophos Data Lake.
See vulnerabilities, malware, misconfigurations, and critical risks in cloud-based apps in the Sophos Data Lake.