Sophos Linux Sensor (SLS) Introduction
Sophos Linux Sensor (SLS) is a lightweight agent for monitoring Linux workloads, particularly in containerized environments. It collects security-relevant events from hosts and containers and integrates via APIs with Secureworks® Taegis™ XDR and your existing logging, alerting, and threat response tooling. This enables consistent detection, alerting, and automated response across a wide range of Linux distributions and kernel versions in public cloud, private cloud, and on-premises deployments.
Deployment on Kubernetes is supported via Helm charts, which provide a templated method to authenticate, deploy, and configure Sophos Linux Sensor. SLS is also distributed as Debian and RPM packages and as Docker images, available through the Sophos package repository and the Sophos Docker registry.
With SLS, you can do the following:
- Monitor and detect unwanted security events across your containerized Linux systems.
- Integrate SLS with your existing logging and alerting infrastructure.
- Create custom detection rules using SLS telemetry.
Overview of Components
- Sensor: A lightweight agent installed on Linux hosts that collects events from those hosts to trigger alert generation or automated response.
- Detections: Sets of detection and response rules that monitor specified resources for a defined set of abnormal activity or conditions.
- Alerting: The output of detection policies, which notifies you when system behavior violates the specified policy.
SLS Distribution and Kernel Support
Validate that your system supports SLS before deploying the agent. See Sophos Linux Sensor Distribution and Kernel Support for more information.
Installation
For guidance on installing SLS on Kubernetes using Helm charts, and links to Sophos' documentation for other specific deployment scenarios, see Sophos Linux Sensor Installation.
Resources
Refer to the Sophos Linux Sensor documentation published by Sophos for additional information about the SLS agent, including configuration options, troubleshooting guidance, and other details.