This app is archived.

Sophos Firewall XG App for Splunk

This app provides event breaking, field extraction, CIM compliance and visualizations for using Sophos XG data in Splunk. It is compatible with, and was created against, the current 19.5.0 XG Firewall version. This app is an upgraded version of the add-on published by Sophos, "Sophos Next-Gen Firewall", which is also available on Splunkbase (https://splunkbase.splunk.com/app/6187). It replaces any Sophos XG add-on that you might have. You can also combine apps if you want, and use only the "TA part" or the "DA part" of this app. It contains the same base configuration as the official add-on, with the following additions:

- better parsing and field extraction
- better CIM compliance coverage
- a full web interface to visualize the data, for uses such as security incident investigation, network and performance troubleshooting, etc.

Notes, links and the installation procedure are available in the README file in the app folder.

Built by Romain Caputi

Latest Version 1.0.5
January 20, 2023
Compatibility
Not Available
Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1, 8.0
CIM Version: 5.x
Rating

0

(0)

Support
Not Supported
Ranking

#16

in Firewall
Categories

Created By

Romain Caputi

Type

app

Downloads

1,105

Resources
