Splunk Integration for Sophos Firewall

ProdottiSophos Firewall

The product team is pleased to announce the Early Access Program (EAP) for our new Splunk integration and apps for Sophos Firewall.

As you probably know, Splunk is a world leader in data management and Security Information and Event Management (SIEM) and provides a perfect complement to Sophos Firewall and Sophos Central for on-premise firewall log storage and analysis.

The Splunk integration with Sophos Firewall includes two Splunk applications:

  • Sophos Firewall Technology Add-on (TA) for Splunk that parses the data collected from Sophos Firewall.
  • Sophos App for Splunk that provides a series of pre-packaged dashboards for visualizing data from your Sophos Firewall in Splunk

Here are a couple of examples of what you can see in Splunk with the app:

Firewall top 10 applications

 

Threats blocked over time by source (ATP, AV, Sandboxing, WAF)

 

There are dashboard widgets for:

  • Threats
  • Firewall usage and activity
  • Web traffic, bandwidth and activity
  • Top applications and clients
  • Traffic types and TLS encryption
  • Users and connections
  • VPN

This new Splunk integration for Sophos Firewall is a great compliment to Sophos Central cloud-based Firewall Reporting for doing on-premise reporting or for integrating Sophos Firewall into your Splunk SIEM solution.

 

How to Get Started

You will need SFOS v18 MR1 build 396 or later running on your Firewall to participate in this early access program.

Full details on the pre-requisites, download links, and setup instructions are here on the Sophos Community.

Get more information and share your feedback on the community forums.

Visit the Sophos Partner Portal for product and sales resources on Sophos Firewall.