CCX Add-on for Sophos XG Firewall

About Us: CyberCX is Australia’s greatest force of cyber security experts. Our highly skilled professional services team operates a 24x7 on-shore security operations centre (SOC) servicing corporate and public sector organisations across Australia and New Zealand, specialising in Security Operations services leveraging Splunk. Description: The CCX Add-on for Sophos XG Firewall looks to provide additional field extraction and CIM compliance for Sophos Next Generation Firewall log sources captured via Syslog. This Technical Add-on does not replace the public Splunk Add-on Sophos Next-Gen Firewall (https://splunkbase.splunk.com/app/6187) but works as an additonal extension to be deployed on Search Heads (only). Currently, this add-on provides additional extraction and CIM compliance for the following sourcetypes: - sophos:xg:content_filtering - sophos:xg:firewall - sophos:xg:event - sophos:xg:sandbox - sophos:xg:anti_spam Fully compatible with Splunk Enterprise and Splunk Cloud, built by an Ops team for Ops teams. Features: - This TA currently supports logtypes tagged under the following CIM datamodels: Alerts, Authentication, Network Traffic, Network Session, Performance and Web.