Splunk® Supported Add-ons

Splunk Add-on for Sophos

Acrobat logo Download manual as PDF

Acrobat logo Download topic as PDF

Source types for the Splunk Add-on for Sophos

The Splunk Add-on for Sophos provides the index-time and search-time knowledge for Sophos Endpoint Protection. Data can be received via WinEventLogs using a forwarder with Splunk Add-on for Windows, Sophos Enterprise Console Server logs using Sophos Report Interface, and syslog.

Sophos Endpoint Security application logs

The system logs of Sophos Endpoint Security, stored in Windows event logs. Collect this data using a Splunk Forwarder and Splunk Add-on for Windows.

Sophos Endpoint Security patch logs

The patching logs of Sophos Endpoint Security. Collect this data using a Splunk Forwarder and Splunk Add-on for Windows.

  • Source type: WinEventLog:SophosPatch

Sophos Endpoint Console Server Logs

Collect this data using a Splunk Forwarder and the Splunk Add-on for Sophos.

  • Source type: sophos:sec (maps to Change Analysis, Malware, Network Traffic)
  • Source type: sophos:threats
  • Source type: sophos:webdata
  • Source type: sophos:firewall (maps to Network Traffic)
  • Source type: sophos:AppControl
  • Source type: sophos:devicecontrol
  • Source type: sophos:tamperprotection (maps to Change Analysis)
  • Source type: sophos:datacontrol
  • Source type: sophos:computerdata (maps to Malware)

Sophos Endpoint Console Syslog Logs

This data may be indexed via syslog over the network using Sophos Report Interface.

Last modified on 20 November, 2020
Lookups for the Splunk Add-on for Sophos
Release notes for the Splunk Add-on for Sophos

This documentation applies to the following versions of Splunk® Supported Add-ons: released

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters