Sophos MDR integrations are now GA; up-to-date documentation can be found at the following link: Integrations
Integrations from Sophos and 3rd party security providers are now included in the MDR Integrations EAP.
No purchase is required, and the EAP is open to all MTR Standard and Advanced accounts.
I have included a brief 6-minute video showing some of the integrations, how to set them up, and how to get access to any necessary configuration guides.
MDR 3rd Party Integrations Support and Overview
The following 3rd party integrations are expected to be included in the Early Access program. If you do not see a security product that you would like us to add support for, please comment below or email us directly so we can add it to a prioritized list: MDREarlyAccessProgram@sophos.com
| Category | Integration | Type | Description |
|---|---|---|---|
| Sophos XDR | Sophos NDR | Sensor | The Sophos NDR sensor identifies threats based on network traffic analysis and alerts Sophos Central on all detections and reports generated. |
| Sophos XDR | Sophos Optix | REST API | Anomaly detection alerts. |
| Sophos XDR | Microsoft - Office 365 Management Activity | REST API | Office 365 Management Activity includes information about user, admin, system, and policy actions and events from Office 365 and Azure AD activity logs. |
| Sophos XDR | Microsoft - Graph Security API | REST API | Adds security alerts from Microsoft and Microsoft partner products to the Sophos Data Lake. |
| Endpoint | Sophos XDR Endpoint and Server | Direct | Activity and detections from Sophos XDR protected endpoints and from Sophos XDR-only endpoints. |
| Endpoint | BlackBerry - CylanceOPTICS | REST API | Identifies potential unknown malware, fileless attacks, and zero-day payload execution. |
| Endpoint | Malwarebytes - Endpoint Protection | Log Collector | See threat-related events from Malwarebytes Nebula, a cloud-hosted security platform that protects endpoints and resources, in the Sophos Data Lake. |
| Endpoint | SentinelOne - Singularity Endpoint | REST API | SentinelOne detects threats to endpoints. |
| Endpoint | Trend Micro - Apex Central | Log Collector | Adds notifications from Trend Micro Apex Central, a centralized management console for Trend Micro security products, to the Sophos Data Lake. |
| | Mimecast - Email Security Cloud Gateway | REST API | Detects threats that target email, including phishing, ransomware, and brand impersonation. |
| | Proofpoint - Targeted Attack Protection | REST API | Detects threats that target email, social media, and mobiles. |
| Firewall | Fortinet - FortiAnalyzer | REST API | Adds security alerts from FortiAnalyzer to the Sophos Data Lake. |
| Firewall | Fortinet - FortiGate | Log Collector | Sends FortiGate firewall alerts about web-based network threats to the Sophos Data Lake. |
| Firewall | Cisco - Firepower | Log Collector | Adds alerts from Cisco Firepower firewalls to the Sophos Data Lake. |
| Firewall | Cisco - Meraki | Log Collector | Provides data from Cisco Meraki secure network devices to the Sophos Data Lake. |
| Firewall | Palo Alto Networks - PAN-OS | Log Collector | Sends alerts from Palo Alto PAN-OS and Panorama network security products to the Sophos Data Lake. |
| Firewall | SonicWall - SonicOS | Log Collector | Adds event messages from SonicWall security appliances to the Sophos Data Lake. |
| Firewall | Check Point - Quantum Cyber Security Platform | Log Collector | Reports security issues in data on an enterprise's cloud, network, or mobiles. |
| Identity | Cisco - Duo | REST API | Provides data on authentication attempts by users. |
| Identity | Okta | REST API | Adds alerts on authentication attempts by users to the Sophos Data Lake. |
| Identity | ManageEngine - ADAudit Plus | Log Collector | Adds audit data regarding file permission changes, sign-in activity, and other security-related activities. |
| Network | Darktrace | Log Collector | Adds alerts from Darktrace's infrastructure monitoring tools to the Sophos Data Lake. |
| Network | Skyhigh Security - Secure Web Gateway | Log Collector | Sends access log information from Skyhigh Security Secure Web Gateway (SWG) to the Sophos Data Lake. |
| Network | Thinkst - Canary | REST API | Adds alerts from Thinkst Canary, a deception technology that generates alerts on suspect access, to the Sophos Data Lake. |
| Public cloud | AWS - Security Hub | REST API | Adds alerts from AWS Security Hub to the Sophos Data Lake. |
| Public cloud | AWS - CloudTrail | REST API | Adds alerts from AWS CloudTrail logs to the Sophos Data Lake. |
| Public cloud | Orca Security | REST API | See vulnerabilities, malware, misconfigurations, and critical risks in cloud-based apps in the Sophos Data Lake. |