Sophos Logs

Overview

Evidence: Sophos Logs
Description: Collect Sophos Logs
Category: Applications
Platform: windows
Short Name: sphsls
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes

Background

Sophos is a comprehensive endpoint security suite that includes antivirus, anti-malware, and network threat protection. It maintains logs across multiple components for various security functions including real-time protection and network monitoring.

Data Collected

This collector gathers structured data about Sophos logs.

Collection Method

This collector gathers Sophos logs from multiple product components including antivirus, anti-malware, and network threat protection across both legacy and current installations.

Forensic Value

Sophos logs provide extensive security event data, including malware detections, network threat blocks, scan results, and intrusion attempts. They are essential for investigating multi-vector attacks and for understanding the full threat landscape on the host.
