This Splunk App leverages the Sophos Central API to collect events and alert notifications from registered endpoints and devices.
The application provides an overview dashboard, and its fields conform to the CIM 4.8 Malware_* data model.
You will need to obtain an API key from your Sophos Central account. On first run, the setup screen will prompt you to configure the app with your account details.
Icon made by Freepik from www.flaticon.com
You will need to obtain a Sophos Central API token to start receiving events from Sophos Central. To do so, log in to your Sophos Central account, navigate to Global Settings, and then choose "API Token Management".
Choose "New Token" and then provide a name for the token.
From the resulting credentials you will need to make a note of the "api access url", the "x-api-key" and the authorisation string.
Open the Splunk App, and enter the details as follows
Thank You For Using "Sophos Central App for Splunk"
Notice: This app should be considered deprecated
Thank you for using this Splunk App. I hope you have found it useful, and I thank the many of you who have offered words of thanks and contributed improvements and bug fixes.
In late 2017 I changed jobs, which meant I no longer had access to a Sophos Central subscription; this made updating the app and helping users a bit more challenging. Where possible I had tried to incorporate changes, but this was not always easy.
From 1st August Sophos have released their own supported TA and Application, and this should be the recommended approach for all existing Sophos users.
You can find the new Sophos Supported Versions here:
TA Sophos Add-on for Splunk https://splunkbase.splunk.com/app/4096/
APP Sophos App for Splunk https://splunkbase.splunk.com/app/4097/
Thanks once again. Happy Splunking!
Minor bug fixes as contributed from Splunk Answers - thanks for the feedback!
Also - cross-platform compatibility improved (Windows)
* Fixed authentication bug
* Corrected typo
Please submit suggestions and enhancements via Splunk Answers
Please submit feedback via answers.splunk.com