
Sophos Event Detection

by Michael Willison
December 19, 2014


Often a Sophos analyst would like to know what type of Sophos events are occurring on the network. SecurityCenter can query the Log Correlation Engine (LCE) to discover which Sophos events were detected on the network. By performing these queries, an analyst can determine the type of activity that Sophos services are seeing on the network.

The components in this dashboard can help an analyst understand what Sophos events were generated over the last seven days. Using this dashboard, an analyst will be able to determine if Sophos is operating properly and what threats are being detected. 

The dashboard and its components are available in the SecurityCenter Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets. The dashboard can be easily located in the SecurityCenter Feed under the category Discovery & Detection.

The dashboard requirements are:

  • SecurityCenter 4.7
  • LCE 4.4.0

Establish true threat intelligence with Tenable’s SecurityCenter Continuous View (CV) and the Log Correlation Engine (LCE). SecurityCenter CV is the market leader in providing a unique combination of vulnerability detection, compliance auditing, and reporting. LCE provides deep packet inspection to continuously discover and track users, applications, cloud infrastructure, trust relationships, and vulnerabilities.

The following components are included in this collection:

• Sophos Event Detection - Normalized Events: This table displays the top 100 most common normalized Sophos events detected in the last seven days. Each row also displays the trending of the event over the last seven days. For more information on these events, the analyst can click on the browse component data icon (which looks like a little bar chart) in the upper right hand corner of the component.
• Sophos Event Detection - Sophos Event Types: Tenable LCE groups Sophos events into 13 categories. These are access-denied, application, compliance, data-leak, DOS, error, firewall, intrusion, login-failure, network, scanning, virus, and web-error. This pie chart displays the relative counts of Sophos events detected over the last seven days in each of these categories.
• Sophos Event Detection - Top 10 Systems with Sophos Events: This bar chart displays the top 10 systems with the most Sophos events over the last seven days. This chart will help an analyst determine which systems need to be investigated first. For more information on these events, the analyst can click on the browse component data icon (which looks like a little bar chart) in the upper right hand corner of the component.
• Sophos Event Detection - Top 10 Users with Sophos Events: This bar chart displays the top 10 users with the most Sophos events over the last seven days. There are many reasons why some users might have more Sophos events than others. For example, users may keep canceling Sophos scans because they slow down their systems, Sophos endpoints can't get updates, or there could be malware attempting to load on the systems. Understanding which users are generating the most Sophos events allows the organization to take appropriate actions.
• Sophos Event Detection - Event Type Indicators: This matrix component displays indicators for detections of 24 critical Sophos events over the past seven days. A purple indicator represents detection of informational Sophos events, a green indicator represents low impact events, an orange indicator represents medium impact events, and a red indicator represents high impact events.
• Sophos Event Detection - Seven Day Trending of Sophos Events: This component displays trend lines for Sophos events over a seven day period. Tenable LCE groups Sophos events into 13 categories. These are access-denied, application, compliance, data-leak, DOS, error, firewall, intrusion, login-failure, network, scanning, virus, and web-error. Each trend line represents one of these groupings. This trending chart will show an analyst whether there were days with more activity than others.
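To make the aggregation behind these components concrete, here is an added example (not Tenable's or LCE's code) that tallies constructed normalized Sophos-style events into the 13 LCE categories, the top systems and users, and per-day trend counts over a seven-day window. The record layout, sample values and the `summarize` function are assumptions for this illustration; LCE's actual export format is not shown on the page.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# The 13 event types LCE uses to group Sophos events, as listed on the page.
SOPHOS_EVENT_TYPES = {
    "access-denied", "application", "compliance", "data-leak", "DOS", "error",
    "firewall", "intrusion", "login-failure", "network", "scanning", "virus",
    "web-error",
}

# Constructed sample records (timestamp, type, normalized event, host, user).
# This layout is an assumption for the example, not LCE's real export format.
SAMPLE_EVENTS = [
    ("2014-12-18 09:12:00", "virus", "Sophos-Virus_Detected", "10.0.0.5", "alice"),
    ("2014-12-18 09:15:00", "virus", "Sophos-Virus_Detected", "10.0.0.5", "alice"),
    ("2014-12-17 14:02:00", "error", "Sophos-Update_Failed", "10.0.0.7", "bob"),
    ("2014-12-16 08:30:00", "application", "Sophos-Scan_Cancelled", "10.0.0.7", "bob"),
    ("2014-12-15 11:45:00", "firewall", "Sophos-Firewall_Block", "10.0.0.9", "carol"),
    ("2014-12-01 10:00:00", "virus", "Sophos-Virus_Detected", "10.0.0.9", "carol"),
    ("2014-12-18 10:00:00", "bogus-type", "Sophos-Unknown", "10.0.0.11", "dave"),
]
NOW = datetime(2014, 12, 19, 12, 0, 0)  # constructed "current time" for the window

def summarize(events, now, days=7, top_n=10):
    """Aggregate normalized events the way the dashboard components do:
    counts per type (pie chart), top systems and users (bar charts), per-day
    counts per type (trend lines) and the most common normalized events (table).
    Records outside the window or with an unrecognized type are tallied in
    'skipped' rather than silently dropped, so gaps in the data stay visible."""
    cutoff = now - timedelta(days=days)
    by_type, by_host, by_user, by_event = Counter(), Counter(), Counter(), Counter()
    trend = defaultdict(Counter)  # event type -> {date: count}
    skipped = Counter()
    for ts, etype, name, host, user in events:
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        if not cutoff <= when <= now:
            skipped["outside-window"] += 1
            continue
        if etype not in SOPHOS_EVENT_TYPES:
            skipped["unknown-type"] += 1
            continue
        by_type[etype] += 1
        by_host[host] += 1
        by_user[user] += 1
        by_event[name] += 1
        trend[etype][when.date().isoformat()] += 1
    return {"by_type": dict(by_type), "top_systems": by_host.most_common(top_n),
            "top_users": by_user.most_common(top_n), "top_events": by_event.most_common(100),
            "trend": {t: dict(c) for t, c in trend.items()}, "skipped": dict(skipped)}
```

The `skipped` counter is the part worth keeping in a real pipeline: an event type LCE does not recognize, or a clock skew that pushes records outside the window, would otherwise vanish from every chart without warning.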
