Hello,
Can Super admin in Sophos Central Enterprise view all reports & Logs of all organization's
2- In From Sophos Central Enterprise Polices &Template in policy Peripheral control add Exemptions of USB and push it to all OU
Note : Polices &Template in policy Peripheral control Ex in Customer level not Enterprise
Hi Ahmed Fahmy1,
Thank you for reaching out to the Sophos Community Forum.
1. Yes, Enterprise Super Admin can view and export a record of all activities and changes made to the system in Sophos Central Enterprise and its sub-estates using the Audit Log report.
2. Do you mean adding/updating a policy and pushing it to all Sub-Estates? You can create templates and apply them to your sub-estates. Kindly refer to this article regarding Global templates for Sophos Central Enterprise.
I hope this helps. If I somehow misunderstood your question, please let me know.
It is not currently possible to see all of the event data generated from the sub-estates when browsing from the Enterprise Dashboard.
The alert data will be shown, but the more granular events will not. If you would like to generate reports from this data, you will need to have an admin user account that can log in directly to the desired sub-estates. This allows you to generate a custom report by doing the following.
- Go to Logs and Reports
- Select "Events" under General Logs
- Select "Save as Custom Report"
Another option would be to use the SIEM API. This way if you have a reporting server, you can route all of the event and alert data into that system to interact with the data how you wish. You will need to configure this for each of the sub-estates.
- Send alert and event data to your SIEM
I suspect the reason the Peripheral Control policy does not allow you to add exemptions via template is because of the way peripheral devices are populated into the lists.
The USB device will need to be plugged into one of the devices from each respective sub-estate to show up so you can interact with it.
The Endpoint API will still give you some options to add the USB device exemptions without navigating into each sub-estate, but this will still require the concerned USB device to be detected on each sub-estate before being added.
