Sophos now offers and supports two Splunk data add-on apps, as well as a dashboard app for visualizing the data across products.
*Note: These installers are provided to our partners and customers "as is" for improving their business processes and conducting threat hunting.
By using any of the below software, you agree to the Sophos API & Plugins Terms of Use. You also acknowledge that Sophos processes personal data in accordance with the Sophos Privacy Policy.
Note: You must have at least one TA ingestor Add-on as a prerequisite to using the dashboard application.
Dashboard Overview
Threat Dashboard - Use this dashboard to understand threat trends and view threats by type, severity and Source IP over time
Firewall Overview - Quickly determine usage trends of your firewall device with widgets such as Interface Usage and Web Sessions over time.
Web - Provides a snapshot view of web trends and usage over time
Firewall Top 10 - See top trends across application and traffic usage
Traffic - Provides a deeper dive into traffic analysis and visualization
Users - View and filter user interactions by time, group, name and IP address
VPN - View VPN trends such as Usage Over Time, Connection Types, and Web Categories accessed via VPN
Installation & Configuration
The dashboard App may be downloaded from Splunkbase.
Note: Once the application is installed you must tell the application what data indexes it should be using as the source from where to display the data.
Help & Support
Please post feedback or inquiries to our Feedback forum or email: apis @ sophos.com