Sophos App For Splunk provides 7 dashboards and several visualizations that give users insight into the data collected from the Sophos XG Firewall platform. The table below lists the source types used by the visualizations (panels) in each dashboard.
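| Dashboard Name | Source type | Panel Name |
| --- | --- | --- |
| Threats | sophos:xg:atp, sophos:xg:anti_virus, sophos:xg:sandbox, sophos:xg:idp, sophos:xg:waf | Threats by Type Over Time |
| Threats | sophos:xg:atp, sophos:xg:anti_virus, sophos:xg:sandbox, sophos:xg:idp, sophos:xg:waf | Threats by Severity Over Time |
| Threats | sophos:xg:atp, sophos:xg:anti_virus, sophos:xg:sandbox, sophos:xg:idp, sophos:xg:waf | Threats Blocked by Source IP |
| Threats | sophos:xg:atp, sophos:xg:idp | Advanced Threat Protection (ATP) & Intrusion Prevention System (IPS) Events |
| Firewall Overview | sophos:xg:system_health | Interface Usage |
| Firewall Overview | sophos:xg:system_health | Interface Errors |
| Firewall Overview | sophos:xg:content_filtering | Web Sessions Over Time by Top 10 User |
| Firewall Overview | sophos:xg:content_filtering | Maximum Live Users Over Time |
| Firewall Overview | sophos:xg:firewall | Firewall Traffic Volume Over Time |
| Firewall Overview | sophos:xg:firewall, sophos:xg:content_filtering, sophos:xg:idp, sophos:xg:ssl | Log Lines |
| Web | | Traffic Over Time by Host |
| Web | | Bandwidth Over Time |
| Web | | Warned Summary |
| Web | | Traffic by HTTP Category |
| Web | | Traffic by Domain |
| Web | | Web Clients by Hits (Top 10) |
| Web | | Actions Taken Against Web Traffic |
| Web | | Traffic by Source Zone |
| Web | | Traffic by Destination Zone |
| Web | | Web Traffic by Destination Geo |
| Firewall Top 10 | | Applications by Hits (Top 10) |
| Firewall Top 10 | | Application Clients by Hits (Top 10) |
| Firewall Top 10 | | Firewall Traffic by Firewall Rule (Top 10) |
| Firewall Top 10 | | Firewall Traffic Details by Firewall Rule ID |
| Firewall Top 10 | | Firewall Traffic by Bandwidth (Top 10) |
| Firewall Top 10 | | Firewall Traffic by Destination Geo (Top 10) |
| Traffic | sophos:xg:ssl | Traffic by TLS Version |
| Traffic | sophos:xg:ssl | Traffic by Encryption Status |
| Traffic | sophos:xg:ssl | Traffic by Server Name Indication & Domain |
| Traffic | sophos:xg:ssl | Failed Connections by Reason |
| Users | | Web Connections |
| Users | | Application Connections |
| VPN | sophos:xg:event | VPN Users Over Time |
| VPN | sophos:xg:event | Remote Access Connections by Source IP |
| VPN | sophos:xg:event | Site-to-Site Connections by Source IP |
| VPN | sophos:xg:event | Connections by User per VPN Method Type |
| VPN | sophos:xg:event | Connections per Destination (Top 10) |
| VPN | sophos:xg:event | Web Categories Accessed from VPN (Top 10) |
| VPN | sophos:xg:event | Applications Accessed from VPN (Top 10) |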