|Protocol||Information Discovered||Metrics Collected||Used For|
In ADMIN > Device Support > Event Types, search for "sophos endpoint" to see the event types associated with this application or device.
FortiSIEM processes Sophos Endpoint control events via SNMP traps sent from the management console. Configure the management console to send SNMP traps to FortiSIEM, and the system will automatically recognize the messages.
SNMP Traps are configured within the Sophos policies.
- In the Policies pane, double-click the policy you want to change.
- In the policy dialog, in the Configure panel, click Messaging.
- In the Messaging dialog, go to the SNMP messaging tab and select Enable SNMP messaging.
- In the Messages to send panel, select the types of event for which you want Sophos Endpoint Security and Control to send SNMP messages.
- In the SNMP trap destination field, enter the IP address of the recipient.
- In the SNMP community name field, enter the SNMP community name.
2011-05-03 18:22:32 22.214.171.124(via UDP: [126.96.36.199]:1216) TRAP, SNMP v1, community public SNMPv2-SMI::enterprises.2604.2.1.1.1 Enterprise Specific Trap (1) Uptime: 5:59:55.31 SNMPv2-SMI::enterprises.2604.2.1.1.2.1.1 = STRING: "File \"C:\WINDOWS\system32\LDPackage.dll\" belongs to virus/spyware 'Mal/Generic-S'."SNMPv2-SMI::enterprises.2604.2.1.1.2.2.2 = STRING: "9.5.5"