Does documentation exist for Sophos App & Add-on for Splunk?

I've been using the previous, now deprecated, Sophos App for Splunk and have seen the pages for the two new apps. Because the previous version only involved one app, it was easy to install and contained documentation for setup. Is there any additional complexity with the new apps? Where are the app and add-on supposed to be installed? Is there any documentation provided for setup?
Thanks in advance!

The app should be configured on the search head, and the add-on, which will do your API calls for data inputs, could be on the search head as well, unless you are using Splunk Cloud. In that case you should have a separate box for the add-on, ideally an HF.

I'm not on Cloud, but I do run over 150 UFs with a deployment manager. I wasn't sure if I needed to install this on all my UFs (endpoints) or if this is unwarranted since it's just querying Sophos for the info.
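For the deployment server (deployment manager) layout discussed in the two posts above, with the add-on doing the API calls on one collector box and the app on the search head, here is an added serverclass.conf sketch. It is not from this thread, from Splunk or from Sophos. The server class names, the hostnames hf01.example.com and sh01.example.com, and the app directory names SophosAddOnForSplunk and Sophos-App-for-Splunk are placeholders; use the folder names inside the packages downloaded from the two Splunkbase links. The point of the layout is that only the collector class receives the add-on: the universal forwarders match no class and get nothing, and the Sophos API is polled from a single instance rather than once per forwarder, which is what would happen if an add-on with enabled inputs were pushed to every UF.

```ini
# serverclass.conf on the deployment server (added example; placeholder names)

[global]
# Default for every class: restart the client once an app has been delivered.
restartSplunkd = true

# One heavy forwarder collects from the Sophos API and owns the add-on
# together with its data inputs. The whitelist names only that host, so the
# 150 universal forwarders match nothing here.
[serverClass:sophos_collector]
whitelist.0 = hf01.example.com

[serverClass:sophos_collector:app:SophosAddOnForSplunk]
restartSplunkd = true
stateOnClient = enabled

# The standalone search head gets the app (dashboards, searches, knowledge
# objects) only. A search head cluster would take it from the deployer instead.
[serverClass:sophos_searchhead]
whitelist.0 = sh01.example.com

[serverClass:sophos_searchhead:app:Sophos-App-for-Splunk]
restartSplunkd = true
stateOnClient = enabled
```

Both app directories live under $SPLUNK_HOME/etc/deployment-apps on the deployment server; the API credentials are then entered in the add-on's inputs on the collector, as the thread describes, not on the deployment server.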
Hi, we are in the same situation. I have Sophos Central, and I have installed the Add-on app and the Sophos App and configured the Add-on in the inputs with the API info. Are there any other settings I need to set up to get this to work?

I don't believe so. You should be able to install it on your search head and configure the add-on/data inputs there (as long as you're not in a clustered search head environment).

In a distributed deployment, install the Splunk Add-on for Sophos on your search heads, indexers, and forwarders.
Refer to the document below for detailed information on the Splunk Add-on for Sophos:
http://docs.splunk.com/Documentation/AddOns/released/Sophos/Description
Go through all the topics on the left side, like Overview, Installation, Configuration, etc.

Thanks for the reply. Unfortunately, this is not the version I was asking about, so my apologies for not being clear. Below are the links for the app & add-on in question:
https://splunkbase.splunk.com/app/4096/
https://splunkbase.splunk.com/app/4097/
The deprecated version in question was: https://splunkbase.splunk.com/app/3612/
Have you resolved the issue? I have configured the inputs config and see nothing. I saw this error in the log file:
HTTPError: HTTP 500 Internal Server Error -- {"messages":[{"type":"ERROR","text":"Cannot call handler 'SophosAddOnForSplunk_sophos_central_events' due to missing script 'SophosAddOnForSplunk_rh_sophos_central_events.py'."}]}
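The error above says splunkd found a REST handler registered in the add-on's restmap.conf but could not find the Python script it points at under the add-on's bin/ directory. As an added diagnostic, not from this thread, from Splunk or from Sophos, the shell function below reads an app's restmap.conf, takes every `handlerfile` value and reports each one with no matching file in bin/. It assumes the add-on registers its handlers in `[admin_external:...]` stanzas with a `handlerfile` key, which is the layout Add-on Builder generates; the demo app it builds in a temp directory is constructed for this example only, so the script runs offline. On a real host, point it at `$SPLUNK_HOME/etc/apps/<add-on directory>` on the instance that served the request.

```shell
#!/bin/sh
# Added diagnostic for "Cannot call handler ... due to missing script ...":
# list every handlerfile named in an app's restmap.conf that has no
# matching file under the app's bin/ directory.

# check_restmap_handlers APP_DIR
# Reads APP_DIR/default/restmap.conf and APP_DIR/local/restmap.conf (if
# present), extracts each "handlerfile = <script>" value, and checks that
# APP_DIR/bin/<script> exists. Prints one line per missing script to stderr
# and returns the number of missing scripts (0 means every handler resolves).
check_restmap_handlers() {
    app_dir="$1"
    missing=0
    scripts=$(
        for conf in "$app_dir/default/restmap.conf" "$app_dir/local/restmap.conf"; do
            [ -f "$conf" ] || continue
            # Drop CRs from Windows-packaged files, keep only handlerfile keys,
            # and strip the key so only the script name remains.
            tr -d '\r' < "$conf" \
            | sed -n 's/^[[:space:]]*handlerfile[[:space:]]*=[[:space:]]*//p' \
            | sed 's/[[:space:]]*$//'
        done
    )
    for script in $scripts; do
        if [ ! -f "$app_dir/bin/$script" ]; then
            printf 'missing handler script: %s/bin/%s\n' "$app_dir" "$script" >&2
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# make_demo_app DIR
# Builds a constructed app skeleton for the demo (not a real add-on): a
# restmap.conf with two admin_external handlers in the layout Add-on Builder
# generates, with only the first handler's script actually present in bin/.
make_demo_app() {
    dir="$1"
    mkdir -p "$dir/default" "$dir/bin"
    cat > "$dir/default/restmap.conf" <<'EOF'
[admin_external:demo_addon_present]
handlertype = python
handlerfile = demo_addon_rh_present.py
handleractions = edit, list, remove, create

[admin_external:demo_addon_absent]
handlertype = python
handlerfile = demo_addon_rh_absent.py
handleractions = edit, list, remove, create
EOF
    : > "$dir/bin/demo_addon_rh_present.py"
}

# Stand-alone run: build the demo app in a temp dir and report on it.
demo_root=$(mktemp -d)
make_demo_app "$demo_root/demo_addon"
n=0
check_restmap_handlers "$demo_root/demo_addon" || n=$?
echo "handlers with a missing script: $n"
rm -rf "$demo_root"
```

If the check flags a script on a real install, compare that add-on's bin/ directory against a fresh copy of the Splunkbase package; a handler registered in restmap.conf with no script behind it is what produces the HTTP 500 quoted above.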
