Sophos Secure Web Gateway
Configure Sophos to send logs to syslog, which InsightIDR collects for ingestion. Documentation on how to do this can be found here: http://wsa.sophos.com/webhelp/index.html.
How to Configure This Event Source
- From your dashboard, select Data Collection on the left hand menu.
- When the Data Collection page appears, click the Setup Event Source dropdown and choose Add Event Source.
- From the “Security Data” section, click the Web Proxy icon. The “Add Event Source” panel appears.
- Choose your collector and event source. You can also name your event source if you want.
- Optionally choose to send unparsed logs.
- Choose the timezone that matches the location of your event source logs.
- Select a collection method and specify a port and a protocol.
- Optionally choose to Encrypt the event source if choosing TCP by downloading the Rapid7 Certificate.
- Click Save.
Did this page help you?