Sophos Community
MDR Integrations

Integrations

Sophos MDR integrations are now GA; up-to-date documentation can be found at the following link: Integrations


Integrations from Sophos and 3rd party security providers are now included in the MDR Integrations EAP.

No purchase is required, and the EAP is open to all MTR Standard and Advanced accounts.

I have included a brief 6 min video showing some of the integrations and how to set them up and get access to any necessary configuration guides.

MDR 3rd Party Integrations Support and Overview

The following 3rd party integrations are expected to be included in the Early Access program. If you do not see a security product that you would like us to add support for, please comment below or email us directly at MDREarlyAccessProgram@sophos.com so we can add it to a prioritized list.

| Category | Integration | Type | Description |
|---|---|---|---|
| Sophos XDR | Sophos NDR | Sensor | The Sophos NDR sensor identifies threats based on network traffic analysis and alerts Sophos Central on all detections and reports generated. |
| Sophos XDR | Sophos Optix | REST API | Anomaly detection alerts. |
| Sophos XDR | Microsoft - Office 365 Management Activity | REST API | Office 365 Management Activity includes information about user, admin, system, and policy actions and events from Office 365 and Azure AD activity logs. |
| Sophos XDR | Microsoft - Graph Security API | REST API | Adds security alerts from Microsoft and Microsoft partner products to the Sophos Data Lake. |
| Endpoint | Sophos XDR Endpoint and Server | Direct | Activity and detections from Sophos XDR protected endpoints and from Sophos XDR-only endpoints. |
| Endpoint | BlackBerry - CylanceOPTICS | REST API | Identifies potential unknown malware, file-less attacks, and zero-day payload execution. |
| Endpoint | Malwarebytes - Endpoint Protection | Log Collector | See threat-related events from Malwarebytes Nebula, a cloud-hosted security platform that protects endpoints and resources, in the Sophos Data Lake. |
| Endpoint | SentinelOne - Singularity Endpoint | REST API | SentinelOne detects threats to endpoints. |
| Endpoint | Trend Micro - Apex Central | Log Collector | Adds notifications from Trend Micro Apex Central, a centralized management console for Trend Micro security products, to the Sophos Data Lake. |
| Email | Mimecast - Email Security Cloud Gateway | REST API | Detects threats that target email, including phishing, ransomware, and brand impersonation. |
| Email | Proofpoint - Targeted Attack Protection | REST API | Detects threats that target email, social media, and mobiles. |
| Firewall | Fortinet - FortiAnalyzer | REST API | Adds security alerts from FortiAnalyzer to the Sophos Data Lake. |
| Firewall | Fortinet - FortiGate | Log Collector | Sends FortiGate firewall alerts about web-based network threats to the Sophos Data Lake. |
| Firewall | Cisco - Firepower | Log Collector | Adds alerts from Cisco Firepower firewalls to the Sophos Data Lake. |
| Firewall | Cisco - Meraki | Log Collector | Provides data from Cisco Meraki secure network devices to the Sophos Data Lake. |
| Firewall | Palo Alto Networks - PAN-OS | Log Collector | Sends alerts from Palo Alto PAN-OS and Panorama network security products to the Sophos Data Lake. |
| Firewall | SonicWall - SonicOS | Log Collector | Adds event messages from SonicWall security appliances to the Sophos Data Lake. |
| Firewall | Check Point - Quantum Cyber Security Platform | Log Collector | Reports security issues in data on an enterprise's cloud, network, or mobiles. |
| Identity | Cisco - Duo | REST API | Provides data on authentication attempts by users. |
| Identity | Okta | REST API | Adds alerts on authentication attempts by users to the Sophos Data Lake. |
| Identity | ManageEngine - ADAudit Plus | Log Collector | Adds audit data regarding file permission changes, sign-in activity and other security-related activities. |
| Network | Darktrace | Log Collector | Adds alerts from Darktrace's infrastructure monitoring tools to the Sophos Data Lake. |
| Network | Skyhigh Security - Secure Web Gateway | Log Collector | Sends access log information from Skyhigh Security Secure Web Gateway (SWG) to the Sophos Data Lake. |
| Network | Thinkst - Canary | REST API | Adds alerts from Thinkst Canary, a deception technology that generates alerts on suspect access, to the Sophos Data Lake. |
| Public cloud | AWS - Security Hub | REST API | Adds alerts from AWS Security Hub to the Sophos Data Lake. |
| Public cloud | AWS - CloudTrail | REST API | Adds alerts from AWS CloudTrail logs to the Sophos Data Lake. |
| Public cloud | Orca Security | REST API | See vulnerabilities, malware, misconfigurations, and critical risks in cloud-based apps in the Sophos Data Lake. |

© 1997 - 2023 Sophos Ltd. All rights reserved.