Sophos Breach Detection
Sophos is an awesome breach detection platform. If you aren't already using it, you should be.So should your clients. It provides a nice compliment to your anti-malware protection by checking unknown processes while anti-malware checks what it recognizes.
Sophos Platform Verification
Lavawall® displays a Sophos icon in the platform so you can quickly recognize systems with and without Sophos monitoring.When this icon is visible, details for this system will also be available if you have configured the Sophos API in Lavawall®
A danger circle around the icon indicates that Sophos has one or more open incidents on the device.
Mouseover the Sophos icon to see how many open incidents are on the device.
Sophos Device and Incident Details
If Sophos is installed, you will see one of two indications in Device Details (when you either select a device from the Search box or click one in the computers list) under Operating System:Sophos Installed:
This indicates that Sophos is installed, but there are no active incidents. In this case, the Sophos tab is hidden.
Sophos open incidents
This indicates that Sophos is installed and there is an open incident. Details are in the Sophos tab.
Sophos API Setup
Lavawall's API integration automatically correlates Sophos and Lavawall® organizations, facilitates installations, highlights partially-installed Macs that need extra permissions for Sophos to work properly, and gives easier access to Sophos reporting information.Note: Sophos integration may not be available on all systems or companies. We are currently deploying it in our phased roll-out process.
If you don’t already have an API key from Sophos:
- Log into Sophos.io.
- Click the three lines in the top right corner and select API Credentials
- Generate or Regenerate the API credentials as needed
- Record the API Key and API Secret in your password manager
- Click Sophos in the left-side menu of the Lavawall® console
- Copy and paste the Sophos API key and secret into the fields at the top of the Lavawall® summary and click Update
These fields may be under the instructions and video on smaller screens.
Sophos Summary
Lavawall® will use detected Sophos installations to figure out which Sophos organization keys belong to which Lavawall® companies.When you click the Sophos option in the side menu or top search after it is set up, you will see open Sophos incidents followed by a company-based summary of Sophos statistics.
Click the incident summary to view the details in the Sophos tab of the device’s details.
View company computers with or without Sophos Installed, and those with active incidents by clicking the links in the Lavawall company summary.
Sophos Filter
In addition to filtering devices by Sophos status from the Sophos Summary, you can also use the filter in the computer listing.
Device Details
Devices with active Sophos incidents have a Sophos tab in their device details, which lists the active incidents.You can go to this tab directly by clicking a Sophos logo with an orange circle in the computer listings, or clicking the tab when you’re in the details.
If you have any questions or need further assistance, feel free to reach out through our chat, phone or email on our contact page!