Sophos Logs

Overview

Evidence: Sophos Logs
Description: Collect Sophos Logs
Category: Applications
Platform: macos
Short Name: splgs
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes

Background

Sophos maintains multiple log files on macOS including the main Anti-Virus log, updater log, and LiveQuery osquery logs. These logs capture real-time protection events, update activities, and endpoint detection query results.

Data Collected

This collector gathers the Sophos log files present on the endpoint; the files are collected as-is and are not parsed.

Collection Method

This collector gathers Sophos log files from system-wide Library/Logs directories, including the main antivirus log, update logs, and LiveQuery/osquery logs for endpoint detection and response.
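The following is an added illustration of the collection step described above, written for this page and not the collector's own code. It walks the system-wide log root, copies every file whose path mentions Sophos into an evidence directory with its original directory layout and timestamps preserved, and writes a SHA-256 manifest so the copies can be verified later. The log root (/Library/Logs), the "sophos" path match, and the file names in the demo fixture are assumptions; Sophos's actual file names are not given on this page.

```python
"""Collect Sophos log files from macOS Library/Logs into an evidence folder with a hash manifest."""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

# Assumed: the page only says "system-wide Library/Logs directories".
DEFAULT_LOG_ROOTS = ["/Library/Logs"]
# Assumed: match any file whose path (relative to the root) contains "sophos", case-insensitively.
SOPHOS_MARKERS = ("sophos",)


def sha256_file(path: Path, chunk: int = 1 << 20) -> str:
    """Stream a file through SHA-256 so large logs do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def find_sophos_logs(roots):
    """Return (root, file) pairs for every regular file under a root that looks Sophos-related."""
    hits = []
    for root in roots:
        root = Path(root)
        if not root.is_dir():
            continue  # e.g. running on a host without /Library/Logs
        for p in sorted(root.rglob("*")):
            rel = str(p.relative_to(root)).lower()
            if p.is_file() and any(m in rel for m in SOPHOS_MARKERS):
                hits.append((root, p))
    return hits


def collect(roots, dest):
    """Copy matching logs into dest, preserving the source path layout, and return the manifest."""
    dest = Path(dest)
    dest.mkdir(parents=True, exist_ok=True)
    manifest = []
    for root, src in find_sophos_logs(roots):
        # Keep the full original path under dest, e.g. dest/Library/Logs/<...>
        target = dest / root.relative_to(root.anchor) / src.relative_to(root)
        target.parent.mkdir(parents=True, exist_ok=True)
        source_hash = sha256_file(src)
        shutil.copy2(src, target)  # copy2 preserves the modification time
        copy_hash = sha256_file(target)
        manifest.append({
            "source": str(src),
            "copy": str(target),
            "size": src.stat().st_size,
            "mtime": src.stat().st_mtime,
            "sha256_source": source_hash,
            "sha256_copy": copy_hash,
            "verified": source_hash == copy_hash,
        })
    (dest / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest


def demo():
    """Run the collector over a constructed fixture tree (not real Sophos data) and return the manifest."""
    base = Path(tempfile.mkdtemp())
    logs = base / "Library" / "Logs"
    (logs / "Sophos").mkdir(parents=True)
    (logs / "Sophos" / "av.log").write_text("2024-01-01 scan started\n")      # constructed sample
    (logs / "Sophos" / "updater.log").write_text("2024-01-01 update ok\n")    # constructed sample
    (logs / "Other").mkdir()
    (logs / "Other" / "unrelated.log").write_text("noise\n")                   # should be skipped
    return collect([logs], base / "evidence")


if __name__ == "__main__":
    # On a real endpoint: collect(DEFAULT_LOG_ROOTS, "/path/to/evidence/splgs")
    for entry in demo():
        print(entry["source"], entry["sha256_source"], entry["verified"])
```

Hashing both the source and the copy at collection time gives the examiner an integrity baseline for the evidence bundle; the unrelated log in the fixture shows that the path filter leaves non-Sophos files behind.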

Forensic Value

Sophos logs provide comprehensive security visibility including virus detections, update status, EDR queries, and system protection events. The LiveQuery logs reveal endpoint detection activities and security monitoring queries executed on the system.
