Sophos now offers and supports three Splunk apps available for cross-product threat hunting:
- Sophos XG Firewall Ingestor (ingests via syslog forward)
- Sophos Central Data Ingestor
  - Ingests data across:
    - Central Endpoints API
    - Central Alerts API
    - Central SIEM Events API
- Sophos Dashboard App to select data sources and provide insightful dashboards across Central data, XG data, or both if using both Add-ons.
  - Download from Splunkbase.
- Threat Dashboard - Use this dashboard to understand threat trends and view threats by type, severity and source IP over time.
  - Correlates data between Central and XG Firewall if using both TA Add-ons.
- Firewall Overview - Quickly determine usage trends of your firewall device with widgets such as Interface Usage and Web Sessions over time.
- Web - Provides a snapshot view of web trends and usage over time.
- Firewall Top 10 - See top trends across application and traffic usage.
- Traffic - Provides a deeper dive into traffic analysis and visualization.
- Users - View and filter user interactions by time, group, name and IP address.
- VPN - View VPN trends such as Usage Over Time, Connection Types, and Web Categories accessed via VPN.