
Sophos XG Firewall Integration Guide



Sophos XG should be configured to send logs via syslog to the Taegis™ XDR Collector. Please follow the instructions in Sophos’s documentation to add a syslog server.

Connectivity Requirements

| Source | Destination | Protocol/Port |
| --- | --- | --- |
| Sophos XG | Taegis™ XDR Collector (mgmt IP) | UDP/514 |

Data Provided from Integration

  Antivirus Auth DHCP DNS Email Encrypt File HTTP Management Netflow NIDS Process Thirdparty
Sophos XG   D       Y D   D V    

Y = Normalized | D = Out-of-the-Box Detections | V = Vendor-Specific Detections

Note

Taegis™ XDR detectors are not guaranteed to be triggered, even if a data source's logs are normalized to a schema associated with a given detector. However, you can create Custom Alert Rules to generate alerts based on normalized data from a data source.

Configuration Instructions

To configure Sophos XG to send logs to Secureworks® Taegis™ XDR via syslog, follow the instructions provided by Sophos to add a syslog server.

Consider the following requirements when completing the configuration steps:

 
