Sophos MDR integrations are now GA; up-to-date documentation can be found at the following link: Integrations
Integrations from Sophos and 3rd party security providers are now included in the MDR Integrations EAP.
No purchase is required, and the EAP is open to all MTR Standard and Advanced accounts.
I have included a brief 6-minute video showing some of the integrations, how to set them up, and how to get access to any necessary configuration guides.
MDR 3rd Party Integrations Support and Overview
The following 3rd party integrations are expected to be included in the Early Access Program. If you do not see a security product that you would like us to add support for, please comment below or email us directly at MDREarlyAccessProgram@sophos.com so we can add it to a prioritized list.
| Category | Integration | Type | Description |
|---|---|---|---|
| Sophos XDR | Sophos NDR | Sensor | The Sophos NDR sensor identifies threats based on network traffic analysis and alerts Sophos Central on all detections and reports generated. |
| Sophos XDR | Sophos Optix | REST API | Anomaly detection alerts. |
| Sophos XDR | Microsoft - Office 365 Management Activity | | Office 365 Management Activity includes information about user, admin, system, and policy actions and events from Office 365 and Azure AD activity logs. |
| Sophos XDR | Microsoft - Graph Security API | | Adds security alerts from Microsoft and Microsoft partner products to the Sophos Data Lake. |
| Endpoint | Sophos XDR Endpoint and Server | Direct | Activity and detections from Sophos XDR protected endpoints and from Sophos XDR-only endpoints. |
| Endpoint | BlackBerry - CylanceOPTICS | | Identifies potential unknown malware, file-less attacks, and zero-day payload execution. |
| Endpoint | Malwarebytes - Endpoint Protection | Log Collector | See threat-related events from Malwarebytes Nebula, a cloud-hosted security platform that protects endpoints and resources, in the Sophos Data Lake. |
| Endpoint | SentinelOne - Singularity Endpoint | | SentinelOne detects threats to endpoints. |
| Endpoint | Trend Micro - Apex Central | | Adds notifications from Trend Micro Apex Central, a centralized management console for Trend Micro security products, to the Sophos Data Lake. |
| Email | Mimecast - Email Security Cloud Gateway | | Detects threats that target email, including phishing, ransomware, and brand impersonation. |
| Email | Proofpoint - Targeted Attack Protection | | Detects threats that target email, social media, and mobile devices. |
| Firewall | Fortinet - FortiAnalyzer | | Adds security alerts from FortiAnalyzer to the Sophos Data Lake. |
| Firewall | Fortinet - FortiGate | | Sends FortiGate firewall alerts about web-based network threats to the Sophos Data Lake. |
| Firewall | Cisco - Firepower | | Adds alerts from Cisco Firepower firewalls to the Sophos Data Lake. |
| Firewall | Cisco - Meraki | | Provides data from Cisco Meraki secure network devices to the Sophos Data Lake. |
| Firewall | Palo Alto Networks - PAN-OS | | Sends alerts from Palo Alto PAN-OS and Panorama network security products to the Sophos Data Lake. |
| Firewall | SonicWall - SonicOS | | Adds event messages from SonicWall security appliances to the Sophos Data Lake. |
| Firewall | Check Point - Quantum Cyber Security Platform | | Reports security issues in data on an enterprise's cloud, network, or mobile devices. |
| Identity | Cisco - Duo | | Provides data on authentication attempts by users. |
| Identity | Okta | | Adds alerts on authentication attempts by users to the Sophos Data Lake. |
| Identity | ManageEngine - ADAudit Plus | | Adds audit data regarding file permission changes, sign-in activity, and other security-related activities. |
| Network | Darktrace | | Adds alerts from Darktrace's infrastructure monitoring tools to the Sophos Data Lake. |
| Network | Skyhigh Security - Secure Web Gateway | | Sends access log information from Skyhigh Security Secure Web Gateway (SWG) to the Sophos Data Lake. |
| Network | Thinkst - Canary | | Adds alerts from Thinkst Canary, a deception technology that generates alerts on suspect access, to the Sophos Data Lake. |
| Public cloud | AWS - Security Hub | | Adds alerts from AWS Security Hub to the Sophos Data Lake. |
| Public cloud | AWS - CloudTrail | | Adds alerts from AWS CloudTrail logs to the Sophos Data Lake. |
| Public cloud | Orca Security | | See vulnerabilities, malware, misconfigurations, and critical risks in cloud-based apps in the Sophos Data Lake. |