Sophos XG Firewall Integration Guide
Sophos XG should be configured to send logs via syslog to the Taegis™ XDR Collector. Please follow the instructions in Sophos’s documentation to add a syslog server.
Connectivity Requirements
|Taegis™ XDR Collector (mgmt IP)
Data Provided from Integration
Taegis™ XDR detectors are not guaranteed to be triggered, even if a data source's logs are normalized to a schema associated with a given detector. However, you can create Custom Alert Rules to generate alerts based on normalized data from a data source.
Configuration Instructions
To configure Sophos XG to send logs to Secureworks® Taegis™ XDR via syslog, follow the instructions provided by Sophos to add a syslog server.
Consider the following requirements when completing the configuration steps:
- IP Address / Domain — The IP address of the Taegis™ XDR Collector
- Port — 514
- Facility — Any facility, as this does not impact log forwarding
- Severity Level — Info
- Format — Device Standard Format