Knowledge BasePanther.comRelease NotesDemo Request
Search…
Overview
Quick Start
Data Sources & Transports
Data Transports
Supported Logs
1Password Logs
Apache Logs
Asana Logs
Atlassian Logs
AWS Logs
Box Logs
Cisco Umbrella Logs
Cloudflare Logs
CrowdStrike Logs
Dropbox Logs
Duo Security Logs
Fastly Logs
Fluentd Logs
GCP Logs
Github Logs
GitLab Logs
G Suite Logs
JAMF Pro Logs
Juniper Logs
Lacework Logs
Microsoft 365 Logs
Microsoft Graph Logs (Beta)
Nginx Logs
Okta Logs
OneLogin Logs
Osquery Logs
OSSEC Logs
Salesforce Logs
Sophos Logs
Slack Logs
Snyk Logs
Suricata Logs
Syslog Logs
Teleport Logs
Zeek Logs
Zoom Logs
Zendesk Logs
Custom Logs
Monitoring Log Sources
Writing Detections
Cloud Security Scanning
Destinations
Data Analytics
Enrichment (Beta)
System Configuration
Panther API (Beta)
Guides
Help
Powered By GitBook
Sophos Logs
Connecting Sophos logs to your Panther Console

Overview

Panther supports ingesting Sophos logs via common Data Transport options: Amazon Web Services (AWS) S3 and SQS.

How to onboard Sophos logs to Panther

To connect these logs into Panther:
  1. 1.
    Set up your Data Transport in the Panther Console.
    • Please follow Panther’s documentation for configuring the Data Transport option you will use:
  2. 2.
    Configure Sophos to push logs to the Data Transport source.
    • See the Sophos documentation for instructions on pushing logs to your selected Data Transport source.

Supported log types

Required fields in the table are in bold.

Sophos.Central

Sophos Central events.
Column
Type
Description
endpoint_id
string
Endpoint ID associated with the event
endpoint_type
string
Type of endpoint
customer_id
string
Customer ID
severity
string
Severity of the event
source_info
{ "ip":string }
Source IP of the endpoint
name
string
Name of threat, or other event details
id
string
Unique identifier for the event
type
string
Type of event
group
string
Category of event
end
timestamp
Time the event occurred on the endpoint
rt
timestamp
Time the event was uploaded to Sophos Central
dhost
string
Source host of the event
suser
string
Logged in user
datastream
string
Alert, or Event, to distinguish between event types
duid
string
Undocumented field
threat
string
Name of the threat
detection_identity_name
string
Name of the detection
filePath
string
Path to the threat
user
string
Undocumented field, but should be same as User
Previous
Salesforce Logs
Next
Slack Logs
Last modified 17d ago
Copy link
Outline
Overview
How to onboard Sophos logs to Panther
Supported log types
Sophos.Central