Sophos Events Database
Overview
Evidence: Sophos Events Database
Description: Collect Sophos Events Database
Category: Applications
Platform: aix
Short Name: sedb
Is Parsed: No
Sent to Investigation Hub: Yes
Collect File(s): Yes
Background
Sophos Anti-Virus for Mac maintains an events database (events.db) that stores all security events, threat detections, scan results, and quarantine activities. This SQLite database contains comprehensive security event history.
Data Collected
This collector gathers the Sophos events database file (events.db), which holds structured security event data; the collector copies the file and does not parse its contents.
Collection Method
This collector gathers the Sophos events.db database file from the system-wide Library/Sophos Anti-Virus directory, which contains structured security event data.
Forensic Value
The Sophos events database is critical for investigating malware detections, understanding threat timelines, identifying quarantined files, and analyzing security incidents on macOS. It provides detailed, queryable security event history.
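As an added example (not part of this page or of the Sophos product), this is how an analyst might triage a collected events.db copy without altering it: hash it, open it through SQLite's read-only and immutable URI flags, and enumerate whatever tables and columns it contains. The sample table the script builds is constructed for the demo; the real Sophos schema is not described on this page.

```python
import contextlib
import hashlib
import os
import sqlite3
import tempfile
from pathlib import Path


def sha256_file(path):
    """Hash the evidence file so its integrity can be checked before and after analysis."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def open_readonly(path):
    """Open an SQLite file with mode=ro and immutable=1.

    immutable=1 tells SQLite the file cannot change underneath it, so it takes
    no locks and creates no -journal/-wal side files beside the evidence copy.
    """
    uri = Path(path).resolve().as_uri() + "?mode=ro&immutable=1"
    return sqlite3.connect(uri, uri=True)


def inspect_events_db(path):
    """Return the file hash plus every table's column names and row count."""
    before = sha256_file(path)
    tables = {}
    with contextlib.closing(open_readonly(path)) as conn:
        names = [r[0] for r in conn.execute(
            "SELECT name FROM sqlite_master WHERE type='table' ORDER BY name")]
        for name in names:
            cols = [c[1] for c in conn.execute(f'PRAGMA table_info("{name}")')]
            rows = conn.execute(f'SELECT COUNT(*) FROM "{name}"').fetchone()[0]
            tables[name] = {"columns": cols, "rows": rows}
    return {"sha256": before, "unchanged": sha256_file(path) == before, "tables": tables}


def make_sample_db(path):
    """Constructed stand-in for a collected events.db; this layout is hypothetical, not Sophos's."""
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE events (id INTEGER PRIMARY KEY, ts TEXT, kind TEXT, detail TEXT)")
    conn.executemany("INSERT INTO events (ts, kind, detail) VALUES (?, ?, ?)", [
        ("2024-01-01T10:00:00Z", "detection", "EICAR-AV-Test in /Users/demo/Downloads/eicar.com"),
        ("2024-01-01T10:00:05Z", "quarantine", "/Users/demo/Downloads/eicar.com"),
    ])
    conn.commit()
    conn.close()
    return path


def demo():
    """Build the constructed sample in a temp dir and inspect it as if it were collected evidence."""
    path = make_sample_db(os.path.join(tempfile.mkdtemp(), "events.db"))
    result = inspect_events_db(path)
    result["journal_left_behind"] = os.path.exists(path + "-journal")
    return result
```

Run `demo()` to see the schema dump; against a real collected events.db, call `inspect_events_db` on the copy and keep the returned hash with your case notes.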