As you probably know, Splunk is a world leader in data management and Security Information and Event Management (SIEM) and provides a perfect complement to Sophos Firewall and Sophos Central for on-premise firewall log storage and analysis.
The Splunk integration with Sophos Firewall includes two Splunk applications:
- Sophos Firewall Technology Add-on (TA) for Splunk that parses the data collected from Sophos Firewall.
- Sophos App for Splunk that provides a series of pre-packaged dashboards for visualizing data from your Sophos Firewall in Splunk
Here are a couple of examples of what you can see in Splunk with the app:
There are dashboard widgets for:
- Threats
- Firewall usage and activity
- Web traffic, bandwidth and activity
- Top applications and clients
- Traffic types and TLS encryption
- Users and connections
- VPN
This new Splunk integration for Sophos Firewall is a great compliment to Sophos Central cloud-based Firewall Reporting for doing on-premise reporting or for integrating Sophos Firewall into your Splunk SIEM solution.
How to Get Started
You will need SFOS v18 MR1 build 396 or later running on your Firewall to participate in this early access program.
Full details on the pre-requisites, download links, and setup instructions are here on the Sophos Community.
Get more information and share your feedback on the community forums.
Visit the Sophos Partner Portal for product and sales resources on Sophos Firewall.