Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

External Systems Configuration Guide

Sophos Endpoint Security and Control

What is Discovered and Monitored

Protocol Information Discovered Metrics Collected Used For
 SNMP Trap

Event Types

In ADMIN > Device Support > Event Types, search for "sophos endpoint" to see the event types associated with this application or device. 

Sophos Configuration

SNMP Trap

FortiSIEM processes Sophos Endpoint control events via SNMP traps sent from the management console. Configure the management console to send SNMP traps to FortiSIEM, and the system will automatically recognize the messages.

SNMP Traps are configured within the Sophos policies.

  1. In the Policies pane, double-click the policy you want to change.
  2. In the policy dialog, in the Configure panel, click Messaging.
  3. In the Messaging dialog, go to the SNMP messaging tab and select Enable SNMP messaging.
  4. In the Messages to send panel, select the types of event for which you want Sophos Endpoint Security and Control to send SNMP messages.
  5. In the SNMP trap destination field, enter the IP address of the recipient.
  6. In the SNMP community name field, enter the SNMP community name.

Sample SNMP Trap

2011-05-03 18:22:32 172.15.30.8(via UDP: [172.15.30.8]:1216) TRAP, SNMP v1, community public
SNMPv2-SMI::enterprises.2604.2.1.1.1 Enterprise Specific Trap (1) Uptime: 5:59:55.31
SNMPv2-SMI::enterprises.2604.2.1.1.2.1.1 = STRING: "File \"C:\WINDOWS\system32\LDPackage.dll\" belongs to virus/spyware 'Mal/Generic-S'."SNMPv2-SMI::enterprises.2604.2.1.1.2.2.2 = STRING: "9.5.5"

Sophos Endpoint Security and Control

What is Discovered and Monitored

Protocol Information Discovered Metrics Collected Used For
 SNMP Trap

Event Types

In ADMIN > Device Support > Event Types, search for "sophos endpoint" to see the event types associated with this application or device. 

Sophos Configuration

SNMP Trap

FortiSIEM processes Sophos Endpoint control events via SNMP traps sent from the management console. Configure the management console to send SNMP traps to FortiSIEM, and the system will automatically recognize the messages.

SNMP Traps are configured within the Sophos policies.

  1. In the Policies pane, double-click the policy you want to change.
  2. In the policy dialog, in the Configure panel, click Messaging.
  3. In the Messaging dialog, go to the SNMP messaging tab and select Enable SNMP messaging.
  4. In the Messages to send panel, select the types of event for which you want Sophos Endpoint Security and Control to send SNMP messages.
  5. In the SNMP trap destination field, enter the IP address of the recipient.
  6. In the SNMP community name field, enter the SNMP community name.

Sample SNMP Trap

2011-05-03 18:22:32 172.15.30.8(via UDP: [172.15.30.8]:1216) TRAP, SNMP v1, community public
SNMPv2-SMI::enterprises.2604.2.1.1.1 Enterprise Specific Trap (1) Uptime: 5:59:55.31
SNMPv2-SMI::enterprises.2604.2.1.1.2.1.1 = STRING: "File \"C:\WINDOWS\system32\LDPackage.dll\" belongs to virus/spyware 'Mal/Generic-S'."SNMPv2-SMI::enterprises.2604.2.1.1.2.2.2 = STRING: "9.5.5"