Monitoring software that can pull firewall data from central?

Is there any monitoring software yet available that can pull all the firewalls we manage and display them onto a wallboard? I'm looking for a network monitoring/siem tool that I can use to fill our wallboard with the online/offline/whatever extra data that central has on firewalls.

Anyone know if this is yet possible?

Thanks.

Top Replies

  • Hi Greg,

    Thanks for reaching out to the Sophos Community Forum. 

    A good place to start would be the Common API page. I was able to format a query that would return all Firewall Alerts that were generated recently in my test environment. 

    The event "Firewall has not checked in with Sophos Central for the past 5 minutes" could be used to update your wallboard with a red/bad status indicator for firewall connections. 
    The event "Firewall connection to Sophos Central has been restored" could be used to change the reported status back to green/good.

    I suggest running a more basic query to start off with so that you can see all of the information reported back. You can then filter your API Query further so that only the relevant events to Firewall status' are returned, allowing you to incorporate this in a more meaningful way.

    In terms of a SIEM solution that will give you this functionality right out of the box, I will need to inquire a bit further and update you on this thread. 

    Kushal Lakhan
    Global Community Support Engineer
    Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Is there a way I can duplicate the firewalls page? I like how it shows it's connected and they're in a list. Just a shame I don't have a way to put it into an app or a wall page of some sort easy for my wall boards to get to.

  • I was not able to locate a resource that would simplify setting this up, it seems like this would need to be built from the ground up. A SIEM tool may help to ingest the information in a more manageable way if you are not looking to work directly with API's. 

    I do see the benefit in having a monitoring dashboard available, however, I'd suggest submitting a feature request on the following ideas page. You can share your suggestion with colleagues for it to gain traction/visibility as well.

    Kushal Lakhan
    Global Community Support Engineer
    Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids