Sophos Secure Web Gateway
Configure Sophos to send its logs over syslog so that InsightIDR can collect and ingest them. For instructions, see the Sophos documentation: http://wsa.sophos.com/webhelp/index.html.
Configure InsightIDR to collect data from the event source
After you complete the prerequisite steps and configure the event source to send data, you must add the event source in InsightIDR.
To configure the new event source in InsightIDR:
- From the left menu, go to Data Collection and click Setup Event Source > Add Event Source.
- Do one of the following:
  - Search for Sophos Secure Web Gateway in the event sources search bar.
  - In the Product Type filter, select Web Proxy.
- Select the Sophos Secure Web Gateway event source tile.
- Choose your collector and event source. You can also name your event source if you want.
- Optionally choose to send unparsed logs.
- Choose the timezone that matches the location of your event source logs.
- Select a collection method and specify a port and a protocol.
- Optionally, if you chose TCP, choose to Encrypt the event source by downloading the Rapid7 Certificate.
- Click Save.