Integrating Sophos Endpoint Protection with Azure Sentinel

  • Question

  • We are looking for an option to link Sophos Endpoint Protection logs to Sentinel, but there is no direct data connector in Azure Sentinel. Is there any option to do so?
    • Moved by Femisulu-MSFT Thursday, November 21, 2019 16:51 better suited here
    Wednesday, November 20, 2019 12:00


  • Hello Prakashraaj

    Your findings are correct. At this point we do not have an existing data connector for Sophos to ingest the Sophos Endpoint Protection logs into Sentinel. However, using the default generic CEF ingestion logic you should be able to ingest the data. You can use the Sophos Central GitHub guide for SIEM integration to export the details in CEF format. I understand it's not straightforward and would take time to test and deploy, but ideally it should work.

    A ready-made connector is not available, but I would suggest you create a request in the UserVoice feedback for Sentinel, which is periodically reviewed by the product group, and they would prioritize it accordingly.

    I hope this clarifies your query. If you have any further query on the same, please do let us know and we will be happy to help. Also, if the information provided in this post helps you, please do mark it as answer so that it's helpful to the users in the community.

    Thank you. 

    Please take a moment to "Mark as Answer" and/or "Vote as Helpful" wherever applicable. Thanks!!

    Monday, November 25, 2019 06:03
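The answer above relies on the generic CEF path: the Sophos Central SIEM export writes CEF lines, the Log Analytics agent forwards them, and Sentinel parses them into the CommonSecurityLog table. What usually breaks in that chain is CEF's escaping (backslash and pipe in header fields, backslash and equals sign in extension values), which Windows paths in malware alerts trigger constantly. The following Python is an added example, not Sophos's or Microsoft's code: it renders a constructed alert as a CEF:0 line and parses it back so the round trip can be checked before pointing the export at a syslog forwarder. The alert fields, the vendor/product strings and the severity mapping are assumptions, not Sophos Central's real schema.

```python
import re
from datetime import datetime, timezone

# Constructed sample alert. The field names are hypothetical and do not follow
# Sophos Central's real schema; they stand in for whatever the SIEM export emits.
SAMPLE_ALERT = {
    "id": "evt-0001",
    "type": "Event::Endpoint::Threat::Detected",
    "severity": "high",
    "endpoint": "LAPTOP-01",
    "source_ip": "10.0.0.25",
    "description": "Malware detected in C:\\Users\\demo\\eicar.com",
    "when": "2019-11-20T12:00:00Z",
}

# Assumed mapping from the export's severity words to CEF's 0-10 scale.
SEVERITY_MAP = {"low": 3, "medium": 5, "high": 8, "critical": 10}


def _esc_header(value):
    # CEF header fields: backslash and pipe must be escaped (backslash first).
    return str(value).replace("\\", "\\\\").replace("|", "\\|")


def _esc_ext(value):
    # CEF extension values: backslash and equals sign must be escaped;
    # line breaks are written as the two-character sequences \r and \n.
    return (str(value).replace("\\", "\\\\").replace("=", "\\=")
            .replace("\r", "\\r").replace("\n", "\\n"))


def to_cef(alert):
    """Render one alert as a CEF:0 line: seven pipe-separated header fields,
    then space-separated key=value extension pairs."""
    when = datetime.fromisoformat(alert["when"].replace("Z", "+00:00"))
    rt_ms = int(when.astimezone(timezone.utc).timestamp() * 1000)  # CEF rt as epoch ms
    header = ["CEF:0", "Sophos", "Central", "1.0", alert["type"],
              alert["description"], SEVERITY_MAP.get(alert["severity"], 5)]
    ext = {"externalId": alert["id"], "dhost": alert["endpoint"],
           "src": alert["source_ip"], "rt": rt_ms, "msg": alert["description"]}
    return ("|".join(_esc_header(h) for h in header) + "|"
            + " ".join(f"{k}={_esc_ext(v)}" for k, v in ext.items()))


def _unescape(value):
    # Reverse the extension escaping; \n and \r become real line breaks.
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)


def _split_header(line):
    """Split the seven header fields on unescaped pipes; return (fields, extension_text)."""
    fields, cur, i = [], [], 0
    while i < len(line) and len(fields) < 7:
        c = line[i]
        if c == "\\" and i + 1 < len(line):   # escaped char: keep it literally
            cur.append(line[i + 1])
            i += 2
        elif c == "|":                          # unescaped pipe: field boundary
            fields.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(c)
            i += 1
    if len(fields) < 7 and cur:                 # line with no trailing pipe/extension
        fields.append("".join(cur))
    return fields, line[i:]


# key=value where the value runs (lazily) up to the next " key=" or end of line;
# "\\." keeps escaped pairs such as \= and \\ inside the value.
_EXT_RE = re.compile(r"(\w+)=((?:\\.|[^\\=])*?)(?= \w+=|$)")


def parse_cef(line):
    """Parse a CEF line into a dict; raise ValueError if the header is malformed."""
    fields, ext_text = _split_header(line.rstrip("\r\n"))
    if len(fields) != 7 or fields[0] != "CEF:0":
        raise ValueError("not a CEF:0 line")
    severity = int(fields[6])
    if not 0 <= severity <= 10:
        raise ValueError("severity out of range")
    extension = {k: _unescape(v) for k, v in _EXT_RE.findall(ext_text)}
    return {
        "vendor": fields[1], "product": fields[2], "version": fields[3],
        "signature_id": fields[4], "name": fields[5], "severity": severity,
        "extension": extension,
    }


if __name__ == "__main__":
    line = to_cef(SAMPLE_ALERT)
    print(line)
    print(parse_cef(line))
```

Run the script and compare the printed line with what the real export produces: if the export's lines do not round-trip through `parse_cef` with the original path intact, Sentinel's CEF parser will mangle the same fields (typically `DeviceCustomString` and `Message` values truncated at an unescaped pipe or equals sign), and that is worth fixing at the export before any data reaches the workspace.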
