If you're having trouble at any stage please contact us at firstname.lastname@example.org.
Sophos Central is a cloud service, provides one place to manage the Sophos security suite solutions as Sophos mobile, Secure Web Gateway and others. In addition the Sophos Central service is a central service that retrieve the audit activities from the Sophos services.
What is it
SkyFormation for Sophos Central connector, is part of the SkyFormation Cloud Connectors module. It continuously ingests audit events from multiple audit sources in the Sophos Central account, unify the events into a common security events format, enrich the events with needed detection context and send the events to any existing SIEM/SOC system.
SkyFormation for Sophos Central integrates with the Sophos Central service and retrieve the audit events from the different Sophos services integrated with the Sophos Central.
How it works
SkyFormation for Sophos Central connector retrieves the events from the Sophos service account through its APIs. Before sending the events to the existing SIEM/SOC system the connector will
- Unify the events into the SkyFormation unified application events format
- Embed the origin event into the SkyFormation event
- Automatically parse any existing key/property in the origin events into a dedicated filed
- Enrich the event with needed security context
- Encode the resulted event into the target SIEM/Log system needed format as CEF
- Send the event to the existing SIEM/SOC system over syslog