Sophos Cloud Optix connector for Microsoft Sentinel

The Sophos Cloud Optix connector allows you to easily connect your Sophos Cloud Optix logs with Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigation. This gives you more insight into your organization's cloud security and compliance posture and improves your cloud security operation capabilities.

Connector attributes

Connector attribute Description
Log Analytics table(s) SophosCloudOptix_CL
Data collection rules support Not currently supported
Supported by Sophos

Query samples

Top 10 Optix alerts raised for your cloud environment(s)


| summarize count() by alertDescription_s

| top 10 by count_

Top 5 environments with High severity Optix alerts raised


| where severity_s == 'HIGH'

| summarize count() by accountId_s

| top 5 by count_

Vendor installation instructions

  1. Get the Workspace ID and the Primary Key

Copy the Workspace ID and Primary Key for your workspace.

  1. Configure the Sophos Cloud Optix Integration

In Sophos Cloud Optix go to Settings->Integrations->Microsoft Sentinel and enter the Workspace ID and Primary Key copied in Step 1.

  1. Select Alert Levels

In Alert Levels, select which Sophos Cloud Optix alerts you want to send to Microsoft Sentinel.

  1. Turn on the integration

To turn on the integration, select Enable, and then click Save.

Next steps

For more information, go to the related solution in the Azure Marketplace.