Sophos now offers and supports two Splunk data add-on apps, as well as a dashboard app for visualizing the data across products.
Note: These installers are provided to our partners and customers "as is" for improving their business processes and conducting threat hunting.
Note: You must have at least one TA ingestor Add-on as a prerequisite to using the dashboard application.
Threat Dashboard - Use this dashboard to understand threat trends and view threats by type, severity and Source IP over time.
Firewall Overview - Quickly determine usage trends of your firewall device with widgets such as Interface Usage and Web Sessions over time.
Web - Provides a snapshot view of web trends and usage over time.
Firewall Top 10 - See top trends across application and traffic usage.
Traffic - Provides a deeper dive into traffic analysis and visualization.
Users - View and filter user interactions by time, group, name and IP address.
VPN - View VPN trends such as Usage Over Time, Connection Types, and Web Categories accessed via VPN.
Installation & Configuration
The dashboard App may be downloaded from Splunkbase.
Note: Once the application is installed, you must tell it which data indexes to use as the source of the data it displays.
Help & Support
Please post feedback or inquiries to our Feedback forum or email: apis @ sophos.com