Sophos Endpoint Security and Control
What is Discovered and Monitored
| Protocol | Information Discovered | Metrics Collected | Used For |
|---|---|---|---|
In ADMIN > Device Support > Event, search for "sophos endpoint" in the Device Type column to see the event types associated with this application or device.
FortiSIEM processes Sophos Endpoint control events via SNMP traps sent from the management console. Configure the management console to send SNMP traps to FortiSIEM, and the system will automatically recognize the messages.
SNMP Traps are configured within the Sophos policies.
- In the Policies pane, double-click the policy you want to change.
- In the policy dialog, in the Configure panel, click Messaging.
- In the Messaging dialog, go to the SNMP messaging tab and select Enable SNMP messaging.
- In the Messages to send panel, select the types of event for which you want Sophos Endpoint Security and Control to send SNMP messages.
- In the SNMP trap destination field, enter the IP address of the recipient.
- In the SNMP community name field, enter the SNMP community name.
Sample SNMP Trap
2011-05-03 18:22:32 18.104.22.168(via UDP: [22.214.171.124]:1216) TRAP, SNMP v1, community public SNMPv2-SMI::enterprises.2604.2.1.1.1 Enterprise Specific Trap (1) Uptime: 5:59:55.31 SNMPv2-SMI::enterprises.2604.2.1.1.2.1.1 = STRING: "File \"C:\WINDOWS\system32\LDPackage.dll\" belongs to virus/spyware 'Mal/Generic-S'." SNMPv2-SMI::enterprises.2604.2.1.1.2.2.2 = STRING: "9.5.5"
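To check what a received trap carries before relying on FortiSIEM's parsing, the sample above can be broken into fields as follows. This is an added example, not FortiSIEM or Sophos code; the field names, the `parse_trap` function and the `default_community` flag are assumptions made for illustration, and the layout handled is only the one shown in the sample.

```python
import re

# Sample trap from this page (whitespace assumed between the two varbinds).
SAMPLE = (
    r'''2011-05-03 18:22:32 18.104.22.168(via UDP: [22.214.171.124]:1216) TRAP, SNMP v1, '''
    r'''community public SNMPv2-SMI::enterprises.2604.2.1.1.1 Enterprise Specific Trap (1) '''
    r'''Uptime: 5:59:55.31 SNMPv2-SMI::enterprises.2604.2.1.1.2.1.1 = STRING: '''
    r'''"File \"C:\WINDOWS\system32\LDPackage.dll\" belongs to virus/spyware 'Mal/Generic-S'." '''
    r'''SNMPv2-SMI::enterprises.2604.2.1.1.2.2.2 = STRING: "9.5.5"'''
)

# Header: timestamp, reported agent, transport source, version, community, enterprise OID.
HEADER = re.compile(
    r'^(?P<time>\S+ \S+) (?P<agent>\S+?)\(via UDP: \[(?P<udp_source>[\d.]+)\]:(?P<port>\d+)\) '
    r'TRAP, SNMP (?P<version>v\w+), community (?P<community>\S+) '
    r'(?P<enterprise>\S+) (?P<trap_type>.*?) Uptime: (?P<uptime>\S+)')
# Varbind: OID = STRING: "value", where the value may contain \" escapes.
VARBIND = re.compile(r'(\S+) = STRING: "((?:\\.|[^"\\])*)"')
# Wording of the detection message as it appears in the sample.
DETECTION = re.compile(
    r'''File "(?P<path>.+?)" belongs to virus/spyware '(?P<threat>.+?)'\.''')


def parse_trap(line):
    """Return header fields, varbinds keyed by OID, and detection details (or None)."""
    head = HEADER.match(line)
    if head is None:
        return None
    event = head.groupdict()
    event["port"] = int(event["port"])
    # Undo only the \" escaping so the backslashes in Windows paths stay intact.
    event["varbinds"] = {oid: val.replace('\\"', '"')
                         for oid, val in VARBIND.findall(line)}
    event["detection"] = None
    for val in event["varbinds"].values():
        hit = DETECTION.search(val)
        if hit:
            event["detection"] = hit.groupdict()
            break
    # SNMP v1 sends the community string in cleartext; flag well-known defaults.
    event["default_community"] = event["community"] in {"public", "private"}
    return event


if __name__ == "__main__":
    print(parse_trap(SAMPLE))
```

A `default_community` value of `True` on incoming traps indicates the SNMP community name entered in the Sophos policy is still a well-known default.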