Sophos XG Firewall Integration Guide
integrations network sophos firewall
Sophos XG should be configured to send logs via syslog to the Taegis™ XDR Collector. Please follow the instructions in Sophos’s documentation to add a syslog server.
Connectivity Requirements ⫘
| Source | Destination | Protocol/Port |
|---|---|---|
| Sophos XG | XDR Collector (mgmt IP) | UDP/514 |
Data Provided from Integration ⫘
| Antivirus | Auth | DHCP | DNS | Encrypt | File | HTTP | Management | Netflow | NIDS | Process | Thirdparty | ||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Sophos XG | D | Y | Y | D | D | V |
Y = Normalized | D = Out-of-the-Box Detections | V = Vendor-Specific Detections
Note
XDR detectors are not guaranteed to be triggered, even if a data source's logs are normalized to a schema associated with a given detector. However, you can create Custom Alert Rules to generate alerts based on normalized data from a data source.
Configuration Instructions ⫘
To configure Sophos XG to send logs to Secureworks® Taegis™ XDR via syslog, follow the instructions provided by Sophos to add a syslog server.
Consider the following requirements when completing the configuration steps:
- IP Address / Domain — The IP address of the XDR Collector
- Port — 514
- Facility — Any facility, as this does not impact log forwarding
- Severity Level — Info
- Format — Standard syslog protocol