Downloading Sophos Central app for Splunk

SHA256 checksum (sophos-central-app-for-splunk_106.tgz) 325ace7412839e2e21ecd207d05a486b157a38fad4352d5088f7c917abe5beb2
SHA256 checksum (sophos-central-app-for-splunk_105.tgz) ce711714fb8cf0b62909686c015f3019bb35b2e5adccc5fbd35b2b8c3db9d926
SHA256 checksum (sophos-central-app-for-splunk_102.tgz) 281b0100d0de4d2d2bb9a492ccccfeb2138a345127b59afb1a1beaee23806d56
SHA256 checksum (sophos-central-app-for-splunk_101.tgz) c48c329556326ada5091bd9f4daf75ac7b0236ca3d6ea0f4e61de53e5086088f

Sophos Central app for Splunk

Overview
Details
This Splunk App leverages the Sophos Central API to collect events and alert notifications from registered endpoints and devices.

The application provides an overview dashboard and fields conforming to CIM 4.8 Malware_*.

You will need to obtain an API key from your Sophos Central account. On first run, the setup screen will prompt you to configure the app with your account details.
See https://github.com/nickhills81/sophos_central/blob/master/README.md for details on obtaining your credentials.

About Sophos Central
Sophos Central is a web-hosted solution that offers protection for users across all their devices and for servers. It is the tool that lets administrators manage protection, enforce policies, take action against threats, and generate reports.

Icon made by Freepik from www.flaticon.com

Configure the Application

You will need to obtain a Sophos Central API token to start receiving events from Sophos Central. To do so, log in to your Sophos Central account, navigate to Global Settings, and then choose "API Token Management".

Choose "New Token" and then provide a name for the token.

From the resulting credentials you will need to make note of the "api access url", "x-api-key" and authorisation string.

Open the Splunk App, and enter the details as follows

Release Notes

Version 1.0.6
Aug. 1, 2018

Thank You For Using "Sophos Central App for Splunk"
Notice: This app should be considered deprecated

Thank you for using this Splunk App, I hope you have found it useful and I thank the many of you who have offered words of thanks and contributed improvements and bug fixes.

In late 2017 I changed jobs which meant I no longer had access to a Sophos Central subscription which made updating and helping users a bit more challenging. Where possible I had tried to incorporate changes, but this was not always easy.

However...

From 1st August Sophos have released their own supported TA and Application, and this should be the recommended approach for all existing Sophos users.
You can find the new Sophos Supported Versions here:
TA Sophos Add-on for Splunk https://splunkbase.splunk.com/app/4096/
APP Sophos App for Splunk https://splunkbase.splunk.com/app/4097/

Thanks once again. Happy Splunking!
Nick

Version 1.0.5
Oct. 15, 2017

Minor bug fixes as contributed from Splunk Answers - Thanks for the feedback!
Also - cross platform compatibility improved (windows)

Version 1.0.2
June 7, 2017

* Fixed authentication bug
* Corrected Typo

Please feedback suggestions and enhancements via Splunk Answers

Version 1.0.1
June 6, 2017

Initial release.
Please submit feedback via answers.splunk.com

Installs: 171
Downloads: 1,526