Sophos now offers and supports three Splunk apps for cross-product threat hunting:
- Sophos XG Firewall Ingestor via syslog forward
- Sophos Central Data Ingestor via:
  - Central Endpoints API
  - Central Alerts API
  - Central SIEM Events API
- Sophos Dashboard App to select Ingestor data sources and provide insightful dashboards across Central Data, XG data, or both if using both ingestors
Please navigate to the relevant page for setup and configuration instructions.