Splunk Search

How to onboard Sophos Firewall logs in Splunk Cloud instance?

ravikm_bdvt
New Member

Team,

I am new to Splunk Cloud.

I need someone's help to get stated with Splunk.

I have the Splunk cloud instance up and running, now, I want to onboard Sophos on prem physical appliance firewall production logs in to Splunk, i would appreciate if you could help me with step by step methods to achieve this goal.

Likewise, I also need to onboard AV logs, please provide me step by step methods

Labels (1)
0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @ravikm_bdvt,

are your on-premise firewalls manager by an on-premise instance or by a cloud instance?

if by a cloud instance, you can use the Sophos central App (https://splunkbase.splunk.com/app/3612) following the instructions available from Sophon about Splunk integration.

If instead you have an on-premise management, I hint to use one or (better) two Heavy Forwarders to receive Sophos logs and to send them to Splunk Cloud.

using Splunk Cloud it's a best practice to use one or (better) two HFs as concentrators to avoid to open firewall routs between Splunk Cloud and your on-premise devies.

Ciao.

Giuseppe

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...