Web Appliance

Key facts

• Community requested filter
• Default port 514

Links

Ref	Link
Splunk Add-on	https://splunkbase.splunk.com/app/6187/
Product Manual	unknown

Sourcetypes

sourcetype	notes
sophos:xg:atp	None
sophos:xg:anti_spam	None
sophos:xg:anti_virus	None
sophos:xg:content_filtering	None
sophos:xg:event	None
sophos:xg:firewall	None
sophos:xg:ssl	None
sophos:xg:sandbox	None
sophos:xg:system_health	None
sophos:xg:heartbeat	None
sophos:xg:waf	None
sophos:xg:wireless_protection	None
sophos:xg:idp	None

Sourcetype and Index Configuration

key	sourcetype	index	notes
sophos_xg_atp	sophos:xg:atp	netdlp	none
sophos_xg_anti_spam	sophos:xg:anti_spam	netdlp	none
sophos_xg_anti_virus	sophos:xg:anti_virus	netdlp	none
sophos_xg_content_filtering	sophos:xg:content_filtering	netdlp	none
sophos_xg_event	sophos:xg:event	netdlp	none
sophos_xg_firewall	sophos:xg:firewall	netdlp	none
sophos_xg_ssl	sophos:xg:ssl	netdlp	none
sophos_xg_sandbox	sophos:xg:sandbox	netdlp	none
sophos_xg_system_health	sophos:xg:system_health	netdlp	none
sophos_xg_heartbeat	sophos:xg:heartbeat	netdlp	none
sophos_xg_waf	sophos:xg:waf	netdlp	none
sophos_xg_wireless_protection	sophos:xg:wireless_protection	netdlp	none
sophos_xg_idp	sophos:xg:idp	netdlp	none