Office 365 Cloud App Security

Trying to get O365 Cloud app security to inspect our Sophos logs.  They say that they can read XG firewall logs but each time they are uploaded we get errors stating that they are in the incorrect format.


Has anyone else got this working ?





  • Hi Ed,


    I to am trying to get this working. However I cannot seem to get the Collector to send any logs. Can you share with me your configuration from the XG side? I would be very grateful. Hopefully someone at sophos or in community will respond to get this moving. Sureley someone knows how to get it functioning considering MS documents XG as supported. 




    Brad Dworkin

  • In reply to Brad Dworkin:

    Hi Brad,


    The only way I've managed to get it working at present is to use the log viewer to export logs.. not what we need for continuous monitoring.  Looking at the MS docs, it implies that we need to use docker rather than a VM (VM was depreciated) to make this work.  So whilst it is technically supported, it looks like we can not just point MS at our XG or vice-versa.


    I've put it on hold at present as I am looking at other firewall solutions before we renew, but would be very interested in a solution from either MS or Sophos




  • In reply to macstorm:

    Did you ever get any further with this?

  • In reply to macstorm:


    I don't suppose you could share the config you used to get this working from log viewer?

    I'm surprised this hasn't come up more.




  • In reply to Sven Van Dongen:

    Same here - just tried it but cant make it go.

    No Sophos KBA either...

  • In reply to M8ey:

    I may be wrong but the first time we set up cloud app - it seemed to run continuously for a short period and then stopped. 


    Since then I can't get the connection to work either - tried installing docker and that is just a minefield. 


    There should be an easier way of doing this considering cloud app has SG in the list of firewalls