Sophos now offers and supports two Splunk data add-on apps, as well as a dashboard app for visualizing the data across products.
Note: These installers are provided to our partners and customers "as is" for improving their business processes and conducting threat hunting. By using any of the below software, you agree to the Sophos API & Plugins Terms of Use. You also acknowledge that Sophos processes personal data in accordance with the Sophos Privacy Policy.
- Sophos Firewall Ingestor via syslog forward
- Sophos Central Data Ingestor
  - Ingests data across:
    - Central Endpoints API
    - Central Alerts API
    - Central SIEM Events API
- Sophos Dashboard App to select data sources and provide insightful dashboards across Central Data, XG data, or both if using both Add-ons.
- Download from Splunkbase.
Note: You must have at least one TA ingestor Add-on as a prerequisite to using the dashboard application.
- Threat Dashboard - Use this dashboard to understand threat trends and view threats by type, severity and source IP over time.
  - Correlate data between Central and (XG) Firewall if using both TA Add-ons.
- Firewall Overview - Quickly determine usage trends of your firewall device with widgets such as Interface Usage and Web Sessions over time.
- Web - Provides a snapshot view of web trends and usage over time.
- Firewall Top 10 - See top trends across application and traffic usage.
- Traffic - Provides a deeper dive into traffic analysis and visualization.
- Users - View and filter user interactions by time, group, name and IP address.
- VPN - View VPN trends such as Usage Over Time, Connection Types, and Web Categories accessed via VPN.