Sophos XGS Firewall Integration Guide
The following instructions are for configuring a Sophos XGS firewall to facilitate log ingestion into Secureworks® Taegis™ XDR.
Connectivity Requirements
| Source | Destination | Protocol/Port |
|---|---|---|
| Sophos XGS | XDR Collector (mgmt IP) | UDP/514 |
Data Provided from Integration
| | Normalized Data | Out-of-the-Box Detections | Vendor-Specific Detections |
|---|---|---|---|
| Sophos XGS Firewall | Antivirus, DHCP, Managementevent | Auth, HTTP, Netflow | Email, NIDS |
Note
XDR detectors are not guaranteed to be triggered, even if a data source's logs are normalized to a schema associated with a given detector. However, you can create Custom Alert Rules to generate alerts based on normalized data from a data source.
Configuration Instructions
Sophos XGS should be configured to send logs via syslog to the Taegis™ XDR Collector. Please follow the instructions in Sophos’s documentation to add a syslog server.
Consider the following requirements when completing the configuration steps:
- IP Address / Domain — The IP address of the XDR Collector
- Port — 514
- Facility — Any facility, as this does not impact log forwarding
- Severity Level — Info
- Format — Standard syslog protocol
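As an added example, not taken from the Sophos or Secureworks documentation, the following Python check runs on the collector side: it binds the listening port, takes one datagram from the firewall and verifies it against the settings above, namely standard syslog framing and a severity no more verbose than Info, while the facility is decoded but not judged. The listening port 514, the 0.0.0.0 bind and the sample message body are assumptions to adjust for your collector.

```python
import re
import socket

SEVERITY_NAMES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
INFO = 6  # the "Info" Severity Level the guide says to select on the firewall

# Standard syslog framing starts with "<PRI>"; PRI = facility * 8 + severity.
_PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)


def decode_pri(datagram: bytes):
    """Return (facility, severity, body) for a standard syslog datagram, else None."""
    m = _PRI_RE.match(datagram.decode("utf-8", errors="replace"))
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # highest valid PRI: facility 23, severity 7
        return None
    return pri >> 3, pri & 7, m.group(2)


def check_message(datagram: bytes) -> str:
    """Judge one datagram against the guide's settings (Format and Severity Level).
    Facility is reported only, because the guide accepts any facility."""
    decoded = decode_pri(datagram)
    if decoded is None:
        return "not standard syslog: check the Format setting on the firewall"
    facility, severity, _ = decoded
    if severity > INFO:
        return f"severity {SEVERITY_NAMES[severity]} seen: Severity Level is more verbose than Info"
    return f"ok: facility {facility}, severity {SEVERITY_NAMES[severity]}"


def receive_one(listen_port: int = 514, timeout: float = 10.0):
    """Bind the collector-side UDP port, wait for one datagram and return its check result
    prefixed by the sender address, or None if nothing arrived before the timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.bind(("0.0.0.0", listen_port))  # assumption: collector listens on all interfaces
        try:
            datagram, (src_ip, _) = sock.recvfrom(65535)
        except socket.timeout:
            return None
    return f"{src_ip}: {check_message(datagram)}"


if __name__ == "__main__":
    # Binding UDP/514 needs root; use a high port for an unprivileged smoke test.
    print(receive_one())
```

Run it on the collector host while the firewall is sending; a None result means nothing reached UDP/514, so check the firewall's IP Address / Domain and Port settings and any filtering in between.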