Team,
I am new to Splunk Cloud.
I need someone's help to get started with Splunk.
I have the Splunk Cloud instance up and running. Now I want to onboard Sophos on-prem physical appliance firewall production logs into Splunk. I would appreciate it if you could help me with step-by-step methods to achieve this goal.
Likewise, I also need to onboard AV logs; please provide me with step-by-step methods.
Hi @ravikm_bdvt,
Are your on-premise firewalls managed by an on-premise instance or by a cloud instance?
If by a cloud instance, you can use the Sophos Central App (https://splunkbase.splunk.com/app/3612), following the instructions available from Sophos about Splunk integration.
If instead you have an on-premise management, I suggest using one or (better) two Heavy Forwarders to receive Sophos logs and send them to Splunk Cloud.
With Splunk Cloud it's a best practice to use one or (better) two HFs as concentrators, to avoid opening firewall routes between Splunk Cloud and your on-premise devices.
Ciao.
Giuseppe
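As an added example (not part of the thread above, and not Splunk's or Sophos's own documentation), these are the two .conf stanzas on each Heavy Forwarder that implement the concentrator layout Giuseppe describes: a syslog listener for the on-premise firewall, and a forwarding stanza to Splunk Cloud. The listening port, index name, sourcetype, firewall IPs, app paths and the Splunk Cloud hostname are all assumptions or placeholders; in practice the outputs.conf comes from the forwarder credentials package downloaded from your Splunk Cloud stack.

```ini
# $SPLUNK_HOME/etc/apps/sophos_syslog_input/local/inputs.conf  (on each HF; app name assumed)
# Listen for syslog from the on-prem Sophos appliance. TCP is assumed here; the
# appliance can also send UDP, but TCP avoids silent loss under load.
[tcp://5514]
connection_host = ip                  # host field = IP of the sending firewall
index = sophos_fw                     # assumed index; create it in Splunk Cloud first
sourcetype = sophos:firewall          # assumed sourcetype; match the Sophos add-on you install
acceptFrom = 192.0.2.10, 192.0.2.11   # constructed firewall IPs: only these may connect

# $SPLUNK_HOME/etc/apps/<credentials-app>/local/outputs.conf  (on each HF; placeholder path)
# Forward to Splunk Cloud over TLS. The HF does not index locally; it only
# concentrates and forwards, so the firewalls never need a route to Splunk Cloud.
[tcpout]
defaultGroup = splunkcloud

[tcpout:splunkcloud]
server = inputs.<stack-name>.splunkcloud.com:9997   # placeholder; use your stack's hostname
sslVerifyServerCert = true            # reject a forged Splunk Cloud endpoint
useACK = true                         # indexer acknowledgement so the HF retries on failure
```

Point both HFs at the same inputs.conf and have the firewall send to both listeners (or to a VIP in front of them) so that one HF outage does not drop production logs.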