aussievova.blogg.se

Setting up Sophos XG firewall for home






Sophos XG is an on-premises next-generation firewall appliance that can send its logs to InsightIDR. To ensure Sophos XG forwards its logs to InsightIDR, you must configure:

You can configure your Sophos XG to forward its logs to a syslog server. Follow the instructions provided by Sophos here:

For best results, use the system with the InsightIDR Collector as your syslog server location for:

Additionally, choose the following options during configuration:

Sophos Central is the tool that allows for central management of firewall configuration. You can use the Sophos Central API to configure log forwarding to a SIEM, or InsightIDR. Follow the directions here:

Configure Sophos XG Event Source

1. From your dashboard, select Data Collection on the left hand menu.
2. When the Data Collection page appears, click the Setup Event Source dropdown and choose Add Event Source.
3. From the “Security Data” section, click the Firewall icon.
4. Choose your collector and event source. If you want, you can also name your event source. The event source Sophos XG is not the same as Sophos Firewall (UTM). When choosing an event source from the firewall options, be sure to select the correct one.
5. Choose the time zone that matches the location of your event source logs.
6. Optionally choose to send unparsed logs.
7. Configure your default domain and any advanced settings.
8. Select syslog and specify the port and protocol you configured earlier.
9. Optionally choose to Encrypt the event source if choosing TCP by downloading the Rapid7 Certificate.

Sophos XG product logs can contain information about hosts and accounts. When setting up Sophos XG as an event source, you will have the ability to specify the following attribution options:

Use IDR engine if possible; if not, use event log

By selecting this option, the InsightIDR attribution engine will perform attribution using the source address present in the log lines. If it's unable to resolve assets or accounts using the source address, it will use the assets or accounts present in the log lines, if any.
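The following is an added example, not InsightIDR or Sophos code: a small model of the attribution fallback this page describes, where the source address is tried first and the account named in the log line is used only if that fails. The log lines, their field names (src_ip, user_name and so on) and the KNOWN_ADDRESSES table are constructed assumptions.

```python
import shlex

# Constructed sample lines in a key=value syslog style (not real traffic).
SAMPLE_LOGS = [
    'device="SFW" log_type="Firewall" log_subtype="Allowed" user_name="" src_ip=10.0.0.15 dst_ip=203.0.113.9',
    'device="SFW" log_type="Firewall" log_subtype="Denied" user_name="jdoe" src_ip=10.0.0.99 dst_ip=198.51.100.7',
    'device="SFW" log_type="Firewall" log_subtype="Allowed" user_name="" src_ip=10.0.0.200 dst_ip=192.0.2.4',
]

# Hypothetical stand-in for what an attribution engine already knows:
# source address -> (asset, account).
KNOWN_ADDRESSES = {"10.0.0.15": ("LAPTOP-FINANCE-01", "asmith")}


def parse_line(line):
    """Split a key=value log line into a dict; shlex keeps quoted values whole."""
    fields = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields


def attribute(line, known=KNOWN_ADDRESSES):
    """Resolve by source address first, then fall back to the log line itself."""
    fields = parse_line(line)
    src = fields.get("src_ip", "")
    if src in known:
        asset, account = known[src]
        return {"asset": asset, "account": account, "via": "source_address"}
    # Fallback: use the account carried in the log line, if any.
    account = fields.get("user_name") or None
    if account:
        return {"asset": None, "account": account, "via": "event_log"}
    # Neither the address nor the log line identified anyone.
    return {"asset": None, "account": None, "via": "unresolved"}


if __name__ == "__main__":
    for log in SAMPLE_LOGS:
        print(attribute(log))
```

Lines that end up "unresolved" are the ones worth reviewing after setup, since events from those addresses cannot be tied to a user or host.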






