
Sophos Event Detection

by Michael Willison
March 12, 2015

Often a Sophos analyst would like to know what type of Sophos events are occurring on the network. SecurityCenter can query the Log Correlation Engine (LCE) to discover which Sophos events were detected on the network. By performing these queries, an analyst can determine the type of activity that Sophos services are seeing on the network.

The charts in the Sophos Event Detection report can help an analyst understand what Sophos events were generated over the last 7 days. Using this report, an analyst will be able to determine if Sophos is operating properly and what threats are being detected. There are many reasons why Sophos events may be generated. For example, users may cancel Sophos scans because the scans slow down their systems, Sophos endpoints may be unable to receive updates, or malware may be attempting to load onto the systems. The report is available in the SecurityCenter Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets. The report can be easily located in the SecurityCenter Feed under the category Discovery & Detection. The report requirements are:

  • SecurityCenter 4.8.1
  • LCE 4.4.0

Establish true threat intelligence with Tenable’s SecurityCenter Continuous View (CV) and the Log Correlation Engine (LCE). SecurityCenter CV is the market leader in providing a unique combination of vulnerability detection, compliance auditing, and reporting. LCE provides deep packet inspection to continuously discover and track users, applications, cloud infrastructure, trust relationships, and vulnerabilities.

Description of Chapters:

  • Executive Summary: There are 2 charts in the Executive Summary chapter: the Sophos Event Type Indicators chart and the Trending of Sophos Events over the last 7 days chart. Both charts give an analyst a good overview of the different types of activity surrounding Sophos events on the network.
  • Sophos Top 10 Users and Systems: The Sophos Top 10 Users and Systems chapter has 4 charts that display the Sophos event activity associated with users, systems and network subnets. These charts are Top 10 Users with Sophos Events, Summary of Sophos User Events, Top 10 Systems with Sophos Events, and Top 10 Class C Networks with Sophos Events.
  • Sophos Event Summary: The Sophos Event Summary chapter displays 2 charts: Sophos Event by Category Types and Normalized Sophos Events. The Sophos Event by Category Types chart displays only the category types that have been detected over the last 7 days. The Normalized Sophos Events chart displays the top 100 Sophos events over the last 7 days.
  • Sophos Event Details: The Sophos Event Details chapter displays 1 table. The Sophos Event Detail table shows the time of the event, the event type, the LCE sensor, and the raw syslog event. This gives the analyst the last 100 Sophos events over the last 7 days.
