Sophos Secure Web Gateway

Configure Sophos to send logs to syslog, which InsightIDR collects for ingestion. Documentation on how to do this can be found here: http://wsa.sophos.com/webhelp/index.html.

How to Configure This Event Source

  1. From your dashboard, select Data Collection on the left-hand menu.
  2. When the Data Collection page appears, click the Setup Event Source dropdown and choose Add Event Source.
  3. From the “Security Data” section, click the Web Proxy icon. The “Add Event Source” panel appears.
  4. Choose your collector and event source. You can also name your event source if you want.
  5. Optionally choose to send unparsed logs.
  6. Choose the timezone that matches the location of your event source logs.
  7. Select a collection method and specify a port and a protocol.
    • If you choose TCP, you can optionally encrypt the event source by downloading the Rapid7 Certificate.
  8. Click Save.