Integrating Sophos Endpoint Protection with Azure Sentinel

  • Question

  • We are looking for an option to link Sophos endpoint protection logs to sentinel, but there is no direct data connector in azure sentinel. is there any option to do so?
    • Moved by Femisulu Thursday, November 21, 2019 4:51 PM better suited here
    Wednesday, November 20, 2019 12:00 PM

All replies

  • Hi Prakashraaj, moving your question to the Azure Security Center forum, where one of our security SMEs can provide the best possible response/answer.

    Thanks for your patience.

    Cheers.

    Thursday, November 21, 2019 4:50 PM
  • Hello Prakashraaj,

    Your findings are correct. At this point we do not have an existing data connector for Sophos to ingest the Sophos Endpoint Protection logs into Sentinel. However, using the default generic CEF ingestion logic you should be able to ingest the data. You can use the Sophos Central GitHub guide for SIEM integration to export the details in CEF format. I understand it's not straightforward and would take time to test and deploy, but ideally it should work.

    A ready-made connector is not available, but I would suggest you create a request in the UserVoice feedback for Sentinel, which is periodically reviewed by the product group, and they would prioritize it accordingly.

    I hope this clarifies your query. If you have any further query on the same, please do let us know and we will be happy to help. Also, if the information provided in this post helps you, please do mark it as answer so that it is helpful to the users in the community.

    Thank you. 


    Please take a moment to "Mark as Answer" and/or "Vote as Helpful" wherever applicable. Thanks!!


    Monday, November 25, 2019 6:03 AM
    Moderator
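An added example of the CEF path the reply above describes (this is not code from the thread, from the Sophos Central SIEM script, or from Microsoft): whatever the Sophos export produces has to reach the Sentinel CEF collector as a CEF line inside a syslog message, and the seven header fields then land in CommonSecurityLog as DeviceVendor, DeviceProduct, DeviceVersion, DeviceEventClassID, Activity and LogSeverity. The Python below builds such a line with correct CEF escaping, wraps it in an RFC 3164 syslog frame, flags oversize frames and parses a line back so the producing and consuming ends can be checked against each other. The vendor/product strings, the event class ID, the extension keys and the 8 KB size ceiling are constructed assumptions, not the script's real output.

```python
"""Build, frame and parse ArcSight CEF lines like those the Sentinel generic
CEF connector ingests (syslog daemon -> Log Analytics agent -> CommonSecurityLog).
Added example; every event value here is constructed, not real Sophos output."""
from datetime import datetime, timezone

HEADER_FIELDS = ("vendor", "product", "version", "signature_id", "name", "severity")


def escape_header(value):
    """CEF header fields: escape backslash and the '|' delimiter."""
    return str(value).replace("\\", "\\\\").replace("|", "\\|")


def escape_ext(value):
    """CEF extension values: escape backslash, '=' and line breaks."""
    return (str(value).replace("\\", "\\\\").replace("=", "\\=")
            .replace("\r", "\\r").replace("\n", "\\n"))


def unescape_ext(raw):
    out, i = [], 0
    while i < len(raw):
        if raw[i] == "\\" and i + 1 < len(raw):
            out.append({"n": "\n", "r": "\r"}.get(raw[i + 1], raw[i + 1]))
            i += 2
        else:
            out.append(raw[i])
            i += 1
    return "".join(out)


def build_cef(vendor, product, version, signature_id, name, severity, ext):
    """Return 'CEF:0|vendor|product|version|signature_id|name|severity|k=v ...'."""
    if not 0 <= int(severity) <= 10:
        raise ValueError("CEF severity must be 0-10")
    header = "|".join(escape_header(v) for v in
                      (vendor, product, version, signature_id, name, severity))
    extension = " ".join(f"{k}={escape_ext(v)}" for k, v in ext.items())
    return f"CEF:0|{header}|{extension}"


def _split_header(line):
    """Split the 7 header fields on unescaped '|'; return (fields, extension)."""
    if not line.startswith("CEF:"):
        raise ValueError("not a CEF line")
    fields, cur, i = [], [], 4
    while i < len(line) and len(fields) < 7:
        if line[i] == "\\" and i + 1 < len(line):   # escaped char, keep literal
            cur.append(line[i + 1])
            i += 2
        elif line[i] == "|":
            fields.append("".join(cur))
            cur, i = [], i + 1
        else:
            cur.append(line[i])
            i += 1
    if len(fields) != 7:
        raise ValueError("CEF header needs 7 pipe-delimited fields")
    return fields, line[i:]


def _parse_extension(ext):
    """Values may contain spaces, so a key is the token before each unescaped '='."""
    eq_positions, i = [], 0
    while i < len(ext):
        if ext[i] == "\\":
            i += 2                      # skip escaped '\\' or '\='
            continue
        if ext[i] == "=":
            eq_positions.append(i)
        i += 1
    pairs = [(ext.rfind(" ", 0, p) + 1, p) for p in eq_positions]
    result = {}
    for n, (kstart, eq) in enumerate(pairs):
        vend = pairs[n + 1][0] if n + 1 < len(pairs) else len(ext)
        result[ext[kstart:eq]] = unescape_ext(ext[eq + 1:vend].rstrip(" "))
    return result


def parse_cef(line):
    """Parse one CEF line into {'header': {...}, 'ext': {...}}."""
    fields, ext = _split_header(line)
    header = dict(zip(("cef_version",) + HEADER_FIELDS, fields))
    if header["severity"].isdigit():
        header["severity"] = int(header["severity"])
    return {"header": header, "ext": _parse_extension(ext)}


def syslog_frame(cef_line, hostname, ts=None, facility=16, severity=6):
    """RFC 3164 frame (default local0.info) as the collector's syslog daemon sees it."""
    ts = ts or datetime.now(timezone.utc)
    return f"<{facility * 8 + severity}>{ts:%b} {ts.day:2d} {ts:%H:%M:%S} {hostname} {cef_line}"


def oversized(frame, limit=8192):
    """Syslog daemons truncate long messages; 8192 is an assumed ceiling, so
    check the daemon's configured maximum before trusting this default."""
    return len(frame.encode()) > limit


if __name__ == "__main__":
    # Constructed event; the event class ID and field mapping are assumptions.
    event = build_cef("Sophos", "Sophos Central", "1.0", "Event::Endpoint::Threat::Detected",
                      "Malware detected", 8, {"suser": "bob", "shost": "ep01",
                      "msg": "path=C:\\Users\\bob\\evil.exe", "act": "cleaned"})
    print(syslog_frame(event, "ep01"))
    print(parse_cef(event))
```

The frame is what gets written to the collector's syslog listener (UDP 514 in the usual connector setup); before pointing the Sophos export at it, run a handful of its lines through parse_cef, because an unescaped '=' or '|' in a value shifts every following column in CommonSecurityLog.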