Sophos

Sophos offers a range of cybersecurity solutions, including endpoint protection, firewalls, and cloud security. Sophos logs provide detailed information on security events such as malware detections, firewall activity, web filtering, intrusion attempts, and endpoint health. These logs are used to monitor network and device security, investigate threats, and ensure compliance with security policies across an organization’s IT infrastructure.

Ingest Method

This source is a polling source and will download new event/alert logs from the Sophos API approximately every 60 seconds.

Setup

To connect your source, generate an API Token from your Sophos Central account and add it to new RunReveal source in the sources dashboard.

Enter the API Access URL that Sophos provides, and copy the generated Headers into the Headers field.