
Integrating Sophos Endpoint Protection with Azure Sentinel


  • Hello Prakashraaj

    Your findings are correct. At this point we do not have an existing data connector for Sophos to ingest the Sophos Endpoint Protection logs into Sentinel. However, using the default generic CEF ingestion logic, you should be able to ingest the data. You can use the Sophos Central GitHub guide for SIEM integration to export the details in CEF format. I understand it's not straightforward and would take time to test and deploy, but ideally it should work.

    A ready-made connector is not available, but I would suggest that you create a request in the UserVoice feedback for Sentinel, which is periodically reviewed by the Product group, and they would prioritize it accordingly.

    I hope this clarifies your query. If you have any further queries on the same, please do let us know and we will be happy to help. Also, if the information provided in this post helps you, please do mark it as answer so that it's helpful to the users in the community.

    Thank you. 

    Please take a moment to "Mark as Answer" and/or "Vote as Helpful" wherever applicable. Thanks!!

    November 25, 2019 6:03
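
The reply above relies on generic CEF ingestion, so it helps to confirm that exported lines are well-formed CEF before pointing them at the collector. The following Python check is an added example, not code from the post, Sophos or Microsoft; the sample line, vendor and product names, and field values are constructed, and the function names are hypothetical.

```python
import re

HEADER = ("version", "vendor", "product", "device_version",
          "event_class_id", "name", "severity")
# CEF severity is an integer 0-10 or one of these words.
SEVERITIES = {"Unknown", "Low", "Medium", "High", "Very-High"} | {str(n) for n in range(11)}
# An extension key is a bare word directly before '=' at the start or after whitespace.
KEY = re.compile(r"(?<!\S)([A-Za-z0-9_]+)=")

# Constructed sample line (not real Sophos output), with a syslog prefix in front.
SAMPLE = (r"<134>Nov 25 06:03:00 host1 CEF:0|ExampleVendor|ExampleProduct|1.0|100|"
          r"Threat \| cleaned|8|suser=CORP\\alice msg=rule\=block applied to C:\\temp src=10.0.0.5")

def _split_header(body):
    # Return the 7 header fields and the raw extension; a backslash escapes '|' and itself.
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < 7:
        if body[i] == "\\" and body[i + 1:i + 2] in ("\\", "|"):
            cur.append(body[i + 1]); i += 2
            continue
        if body[i] == "|":
            fields.append("".join(cur)); cur = []
        else:
            cur.append(body[i])
        i += 1
    if len(fields) < 7:          # final header field with no extension after it
        fields.append("".join(cur))
    return fields, body[i:]

def _unescape(value):
    # Extension values escape '=' and backslash; \n and \r encode line breaks.
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)

def parse_cef(line):
    """Parse one syslog line carrying CEF; raise ValueError if it is malformed."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF: marker")
    fields, ext = _split_header(line[start + 4:])
    if len(fields) != 7 or not fields[0].isdigit():
        raise ValueError("expected CEF:<version> and 7 pipe-delimited header fields")
    if fields[6] not in SEVERITIES:
        raise ValueError("severity must be 0-10 or a CEF severity word")
    event = dict(zip(HEADER, fields))
    keys = list(KEY.finditer(ext))
    bounds = [m.start() for m in keys[1:]] + [len(ext)]
    event["extension"] = {m.group(1): _unescape(ext[m.end():end].strip())
                          for m, end in zip(keys, bounds)}
    return event

if __name__ == "__main__":
    print(parse_cef(SAMPLE))
```

Lines that raise `ValueError` here are worth fixing at the export side, since unescaped `|` or `=` characters shift field boundaries for any CEF consumer.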

All replies