Sophos Cloud Optix connector for Microsoft Sentinel

The Sophos Cloud Optix connector allows you to easily connect your Sophos Cloud Optix logs with Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigation. This gives you more insight into your organization's cloud security and compliance posture and improves your cloud security operation capabilities.

Connector attributes

Connector attribute              Description
Log Analytics table(s)           SophosCloudOptix_CL
Data collection rules support    Not currently supported
Supported by                     Sophos

Query samples

Top 10 Optix alerts raised for your cloud environment(s)

SophosCloudOptix_CL
| summarize count() by alertDescription_s
| top 10 by count_

Top 5 environments with High severity Optix alerts raised

SophosCloudOptix_CL
| where severity_s == 'HIGH'
| summarize count() by accountId_s
| top 5 by count_

Vendor installation instructions

  1. Get the Workspace ID and the Primary Key

Copy the Workspace ID and Primary Key for your workspace.

  2. Configure the Sophos Cloud Optix Integration

In Sophos Cloud Optix go to Settings > Integrations > Microsoft Sentinel and enter the Workspace ID and Primary Key copied in Step 1.

  3. Select Alert Levels

In Alert Levels, select which Sophos Cloud Optix alerts you want to send to Microsoft Sentinel.

  4. Turn on the integration

To turn on the integration, select Enable, and then click Save.
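As an added illustration (not code from this page or from Sophos), assuming Sophos Cloud Optix populates SophosCloudOptix_CL through the Log Analytics HTTP Data Collector API, which is what the Workspace ID and Primary Key from Step 1 authenticate: the key HMAC-SHA256-signs every ingestion request, so it authorizes writing into the workspace and is protected like any other write credential, and the API appends type suffixes to field names, which is why the query samples above read alertDescription_s, severity_s and accountId_s. The workspace ID, key and alert record below are constructed placeholders.

```python
import base64
import datetime
import hashlib
import hmac
import json

# Constructed placeholders; real values come from your workspace (Step 1 above).
WORKSPACE_ID = "00000000-0000-0000-0000-000000000000"
SHARED_KEY = base64.b64encode(b"constructed-placeholder-key").decode()
LOG_TYPE = "SophosCloudOptix"  # Azure stores custom logs as <Log-Type>_CL


def build_string_to_sign(content_length: int, rfc1123_date: str) -> str:
    """Canonical string the Data Collector API expects to be HMAC-signed."""
    return f"POST\n{content_length}\napplication/json\nx-ms-date:{rfc1123_date}\n/api/logs"


def build_authorization(workspace_id: str, shared_key: str,
                        content_length: int, rfc1123_date: str) -> str:
    """Return the 'SharedKey <workspace>:<base64 HMAC-SHA256>' header value."""
    key = base64.b64decode(shared_key)  # the Primary Key is itself base64
    msg = build_string_to_sign(content_length, rfc1123_date).encode("utf-8")
    sig = base64.b64encode(hmac.new(key, msg, hashlib.sha256).digest()).decode()
    return f"SharedKey {workspace_id}:{sig}"


def column_name(field: str, value) -> str:
    """Column name Log Analytics derives from a JSON field: _s string, _d number, _b bool."""
    if isinstance(value, bool):          # bool before int: bool is an int subclass
        return f"{field}_b"
    if isinstance(value, (int, float)):
        return f"{field}_d"
    return f"{field}_s"


def build_request(records, workspace_id=WORKSPACE_ID, shared_key=SHARED_KEY, now=None):
    """Assemble URL, headers and body for one ingestion POST (nothing is sent)."""
    now = now or datetime.datetime.now(datetime.timezone.utc)
    rfc1123_date = now.strftime("%a, %d %b %Y %H:%M:%S GMT")
    body = json.dumps(records)
    length = len(body.encode("utf-8"))  # signed length is the UTF-8 byte count
    return {
        "url": f"https://{workspace_id}.ods.opinsights.azure.com/api/logs?api-version=2016-04-01",
        "headers": {"Content-Type": "application/json", "Log-Type": LOG_TYPE,
                    "x-ms-date": rfc1123_date,
                    "Authorization": build_authorization(workspace_id, shared_key, length, rfc1123_date)},
        "body": body,
    }


# Constructed sample alert using the fields the query samples above rely on
SAMPLE = [{"alertDescription": "Storage bucket publicly readable",
           "severity": "HIGH", "accountId": "123456789012"}]

if __name__ == "__main__":
    req = build_request(SAMPLE)
    print(req["headers"]["Authorization"])
    print([column_name(k, v) for k, v in SAMPLE[0].items()])
```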

Next steps

For more information, go to the related solution in the Azure Marketplace.