Monitoring software that can pull firewall data from central?

Is there any monitoring software yet available that can pull all the firewalls we manage and display them onto a wallboard? I'm looking for a network monitoring/siem tool that I can use to fill our wallboard with the online/offline/whatever extra data that central has on firewalls.

Anyone know if this is yet possible?

Thanks.

Parents
  • Hi Greg,

    Thanks for reaching out to the Sophos Community Forum. 

    A good place to start would be the Common API page. I was able to format a query that would return all Firewall Alerts that were generated recently in my test environment. 

    The event "Firewall has not checked in with Sophos Central for the past 5 minutes" could be used to update your wallboard with a red/bad status indicator for firewall connections. 
    The event "Firewall connection to Sophos Central has been restored" could be used to change the reported status back to green/good.

    I suggest running a more basic query to start off with so that you can see all of the information reported back. You can then filter your API Query further so that only the relevant events to Firewall status' are returned, allowing you to incorporate this in a more meaningful way.

    In terms of a SIEM solution that will give you this functionality right out of the box, I will need to inquire a bit further and update you on this thread. 

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Is there a way I can duplicate the firewalls page? I like how it shows it's connected and they're in a list. Just a shame I don't have a way to put it into an app or a wall page of some sort easy for my wall boards to get to.

Reply Children