Integrating Sophos Endpoint Protection with Azure Sentinel

  • Question

  • We are looking for an option to link Sophos endpoint protection logs to Sentinel, but there is no direct data connector in Azure Sentinel. Is there any option to do so?
    • Moved by Femisulu Thursday, November 21, 2019 16:51 better suited here
    Wednesday, November 20, 2019 12:00

All Replies

  • Hi Prakashraaj, moving your question to the Azure Security Center forum, where one of our security SMEs can provide the best possible response/answer.

    Thanks for your patience.

    Cheers.

    Thursday, November 21, 2019 16:50
  • Hello Prakashraaj

    Your findings are correct. At this point we do not have an existing data connector for Sophos to ingest the Sophos Endpoint Protection logs into Sentinel. However, using the default generic CEF ingestion logic you should be able to ingest the data. You can use the Sophos Central GitHub guide for SIEM integration to export the details in CEF format. I understand it's not straightforward and would take time to test and deploy, but ideally it should work.

    A ready-made connector is not available, but I would suggest you create a request in the UserVoice feedback for Sentinel, which is periodically reviewed by the Product Group, and they would prioritize it accordingly.

    I hope this clarifies your query. If you have any further query on the same, please do let us know and we will be happy to help. Also, if the information provided in this post helps you, please do mark it as answer so that it's helpful to the users in the community.

    Thank you.


    Please take a moment to "Mark as Answer" and/or "Vote as Helpful" wherever applicable. Thanks!!


    Monday, November 25, 2019 06:03
    Moderator
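The answer above points at generic CEF ingestion as the route into Sentinel. The following is an added example, not code from the thread, Sophos or Microsoft: it shapes a constructed Sophos Central-style event (field names assumed from the SIEM JSON shape, endpoint id a placeholder) into a CEF:0 line that the Sentinel CEF collector can parse, applying the escaping rules for header and extension fields, and includes a header splitter to check the result has the seven required fields.

```python
"""Added example: shape a Sophos Central-style event into a CEF line for Sentinel's generic CEF collector."""
from datetime import datetime, timezone

# Constructed sample event. Field names assume the Sophos Central SIEM JSON shape;
# the endpoint_id is a placeholder, not a real value.
SAMPLE_EVENT = {
    "type": "Event::Endpoint::Threat::Detected",
    "severity": "high",
    "name": "Malware detected: 'Troj/Test-A' at 'C:\\Users\\user|a\\evil=payload.exe'",
    "when": "2019-11-20T12:00:00.000Z",
    "endpoint_id": "00000000-0000-0000-0000-000000000000",
    "location": "WKS-01",
    "source_info": {"ip": "10.0.0.5"},
}
SEVERITY_MAP = {"low": 3, "medium": 5, "high": 8, "critical": 10}  # assumed mapping onto CEF 0-10


def cef_escape(value, header=False):
    """CEF escaping: '\\' always; '|' in header fields; '=' and newlines in extension values."""
    s = str(value).replace("\\", "\\\\")
    if header:
        return s.replace("|", "\\|")
    return s.replace("=", "\\=").replace("\r", "\\r").replace("\n", "\\n")


def to_cef(event):
    """Return one CEF:0 line: 7 pipe-separated header fields, then space-separated key=value extensions."""
    when = datetime.strptime(event["when"], "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)
    header = ["CEF:0", "Sophos", "Central", "1.0", event["type"], event["name"],
              SEVERITY_MAP.get(event["severity"].lower(), 1)]
    ext = {
        "rt": int(when.timestamp() * 1000),        # receipt time as epoch milliseconds
        "dvchost": event["location"],
        "src": event["source_info"]["ip"],
        "cs1Label": "endpointId", "cs1": event["endpoint_id"],
    }
    return "|".join(cef_escape(f, header=True) for f in header) + "|" + \
        " ".join(f"{k}={cef_escape(v)}" for k, v in ext.items())


def split_cef_header(line):
    """Split a CEF line into its 7 unescaped header fields and the raw extension, honouring backslash escapes."""
    fields, cur, i = [], [], 0
    while i < len(line) and len(fields) < 7:
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):    # escaped character: keep the next char literally
            cur.append(line[i + 1]); i += 2
        elif ch == "|":
            fields.append("".join(cur)); cur = []; i += 1
        else:
            cur.append(ch); i += 1
    return fields, line[i:]


if __name__ == "__main__":
    print(to_cef(SAMPLE_EVENT))
```

Pipes and backslashes inside the event name survive the round trip, which is the case that breaks naive string concatenation and produces mis-parsed CommonSecurityLog rows.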