What are the best tools available for Sophos Central log analysis? Is there a way to move the logs from Sophos Central either to a log server or a cloud VM and deploy the log analysis tool to generate insights?
Thank you for reaching out to the community forum. We have multiple log analysis options built in to our Sophos Central dashboard, ranging from basic logs and reports to threat hunting. It also has the ability to perform queries using our Live Discover feature, which uses osquery.
https://docs.sophos.com/central/customer/help/en-us/ManageYourProducts/LogsReports/index.html
https://docs.sophos.com/central/Customer/help/en-us/ManageYourProducts/Overview/ThreatAnalysisCenter/index.html
https://docs.sophos.com/central/Customer/help/en-us/ManageYourProducts/Overview/ThreatAnalysisCenter/LiveDiscover/index.html
You can also integrate our Central dashboard with the API if you wish to centrally monitor all activity of your managed devices through a log server. You can refer to the link below on how to integrate your Sophos Central with the API.
https://support.sophos.com/support/s/article/KB-000036424?language=en_US
Let us know if you have more queries about this.