
Does documentation exist for Sophos App & Add-on for Splunk?

Path Finder

I've been using the previous, now deprecated Sophos App for Splunk and have seen the pages for the two new apps. Because the previous version only involved 1 app, it was easy to install and contained documentation for setup. Is there any additional complexity with the new apps? Where are the app and add-on supposed to be installed? Is there any documentation provided/setup?

Thanks in advance!

0 Karma

Re: Does documentation exist for Sophos App & Add-on for Splunk?

Super Champion

In a distributed deployment, install the Splunk Add-on for Sophos to your search heads, indexers, and forwarders.
Refer to the document below for detailed information on the Splunk Add-on for Sophos:

http://docs.splunk.com/Documentation/AddOns/released/Sophos/Description
Go through all the topics on the left side, like Overview, Installation and Configuration, etc.

0 Karma

Re: Does documentation exist for Sophos App & Add-on for Splunk?

Path Finder

Thanks for the reply. Unfortunately, this is not the version I was asking about, so my apologies for not being clear. Below are the links for the app & add-on in question:

https://splunkbase.splunk.com/app/4096/
https://splunkbase.splunk.com/app/4097/

The deprecated version in question was: https://splunkbase.splunk.com/app/3612/

0 Karma

Re: Does documentation exist for Sophos App & Add-on for Splunk?

Path Finder

The app should be configured on the Search head and the add-on, which will do your API calls for data inputs, could be on the search head as well unless you are using Splunk Cloud. Then you should have a separate box for the add-on, ideally a HF.

0 Karma

Re: Does documentation exist for Sophos App & Add-on for Splunk?

Path Finder

I'm not cloud, but I do run over 150 UFs with a deployment manager. I wasn't sure if I needed to install this on all my UFs (endpoints) or if this is unwarranted since it's just querying Sophos for the info.

0 Karma

Re: Does documentation exist for Sophos App & Add-on for Splunk?

Path Finder

I don't believe so. You should be able to install it on your search head and configure the add-on/data inputs there (as long as you're not in a clustered search head env).

0 Karma

Re: Does documentation exist for Sophos App & Add-on for Splunk?

Explorer

Hi, we are in the same situation. I have Sophos Central and I have installed the add-on app and the Sophos App, and I have configured the add-on in the inputs with the API info. Are there any other settings I need to set up to get this to work?

0 Karma