6 Dec 2024

Hi Sophos Community, we're pleased to announce that Sophos Firewall logs in Central are now better integrated into the Central Threat Analysis Center! This new integration is now globally available for all customers. This feature shipped in November, so you may have even noticed cases being created before now. Since then, we have been fine-tuning the log handling, to make it ready for full public readiness. As of today, it is fully live, and available for all customers managing SFOS firewalls in Sophos Central, who also have enabled sending logs to Sophos Central.

Features

Sophos MDR and XDR services may detect threats based on firewall event logs (ATP, IDP, Antivirus, Antispam, Sandbox etc..)
Automatically create cases in Threat Analysis Center for detected threats

Prerequisites

Firewalls must be managed in Sophos Central
"Send reports and logs to Sophos Central" must be enabled
The "Sophos Firewall" must be enabled in the Threat Analysis Center Integrations marketplace (Enabled by default)

More Info

Initial release announcement

Maxim-Sophos 1 month ago in reply to TheMonzel

This will create Detections (suspicious/malicious activity) and, in some instances, those Detections will generate or be aggregated into Cases. I do not believe there should be any change to Alerts.
- Cancel
- Vote Up 0 Vote Down
- Sign in to reply
- More
- Cancel
TheMonzel 1 month ago

Probably a dump question, but in which case will this create an Alert as well?
- Cancel
- Vote Up 0 Vote Down
- Sign in to reply
- More
- Cancel

SFOS - Enhanced XDR and MDR Integrations Now Available

Features

Prerequisites

More Info