Hi Sophos Community, we're pleased to announce that Sophos Firewall logs in Central are now better integrated into the Central Threat Analysis Center! This new integration is now globally available for all customers. This feature shipped in November, so you may have noticed cases being created before now. Since then, we have been fine-tuning the log handling to make it ready for full public availability. As of today, it is fully live and available for all customers who manage SFOS firewalls in Sophos Central and have also enabled sending logs to Sophos Central.
Features
- Sophos MDR and XDR services may detect threats based on firewall event logs (ATP, IDP, Antivirus, Antispam, Sandbox, etc.)
- Automatically create cases in Threat Analysis Center for detected threats
Prerequisites
- Firewalls must be managed in Sophos Central
- "Send reports and logs to Sophos Central" must be enabled
- The "Sophos Firewall" integration must be enabled in the Threat Analysis Center Integrations marketplace (enabled by default)