Threat Protection Reporting in Sophos Central?

I'm trying to provide some high-level statistics to senior management on our Endpoint Protection.  I'd like to provide some metrics, such as how many systems are protected, how many malicious files were detected, how many were quarantined, etc.  However I do not see anything in our Sophos Central that provides any numbers on Threat Protection.  In fact, the reporting is really kind of terrible that I don't see many metrics at all. 

On my dashboard, I have a grid for Usage Summary and Web Stats, but that's it.

I have "Super Admin" access, so am I missing something somewhere?  Or is this just not a capability of the platform?

Thanks.



This thread was automatically locked due to age.
  • Hello Jason Williams,

    In Sophos Central, please access Logs & Reports > Event Reports to see all the available events to report from (filtering by Malware events may be useful for what you are looking for).

    Regarding protected system, please try this:
    Logs & Reports > Computers
    This shows the currently active computers and their status.
    For additional data regarding computers, go back to Overview, then My Products > Endpoint Protection > Computers
    In there, you will find filters for different statuses (bad status, medium/bad, all computers...).

    For more information regarding reports, please refer to the admin guide 

    If you would like to request additional functionality, please visit this link

    Regards, 

    Barb@Sophos
    Community Support Engineer | Sophos Technical Support

  • I get that, but it doesn't really help me much.  It gives me a list of events, which is great, but it doesn't give me numbers.  It shows I have over 100000 events just for the last 7 days alone.  Now I have to go through this and try to quantify whether Endpoint Protection is working well for us?

    There needs to be a better way.  Maybe I just need to submit a feature request.

    Thanks.

  • You can export the data to make it easier to sort/filter, here are the options:

      



    Sophos Central also supports SIEM. Please see this entry for more information:
    Sophos Central Adds Support for SIEMs (Splunk, ArcSight, etc)
    Related KB:
    Sophos Central: FAQ on SIEM

    Other than that, you will need to submit a feature request.

    Regards,

    Barb@Sophos
    Community Support Engineer | Sophos Technical Support

  • We are looking at adding a malware report to more easily see what has been detected. In the meantime, the events report is the best place to see malware related data, and the computers report is the best place to see a list of protected computers, as noted previously. I have suggested below a list of event types to select to retrieve the right types of data regarding malware.

    The intention is to release a simple malware report (with a list of items detected) and gradually improve it, to include information such as you suggest (e.g. clarifying which items were cleaned successfully).

    We will be releasing the ability to "save" reports soon (potentially next month, October), meaning you will not have to reselect the entries below each time, you can save them and then reopen that saved report each time.

     

    • Runtime detections
      • Running malware detected
      • Malicious traffic detected
      • Malicious behavior prevented
      • Exploit prevented
      • Credential theft prevented
      • Privilege escalation exploit prevented
      • Ransomware detected
      • Remotely-run ransomware detected
      • Ransomware attacking a remote machine detected
      • Safe Browsing detected compromised browser
      • Application hijacking prevented
    • Malware
      • Malware detected
    • Potentially unwanted application (PUA)
      • Potentially unwanted application (PUA) blocked
    • Web control
      • Web threat events
    • Download reputation
      • User deleted low reputation download
      • Low reputation download automatically deleted
    • App Reputation
      • Low reputation app detected
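
The following is an added example, not part of the thread and not Sophos code: it turns an exported events report into the counts the original question asks for, grouping rows by the event types listed above. The column names `Event Type` and `Device` are assumptions about the export layout (pass your own), and the sample rows are constructed.

```python
import csv
import io
from collections import Counter

# Event-type labels grouped as in the list on this page.
GROUPS = {
    "Runtime detections": [
        "Running malware detected", "Malicious traffic detected",
        "Malicious behavior prevented", "Exploit prevented",
        "Credential theft prevented", "Privilege escalation exploit prevented",
        "Ransomware detected", "Remotely-run ransomware detected",
        "Ransomware attacking a remote machine detected",
        "Safe Browsing detected compromised browser",
        "Application hijacking prevented"],
    "Malware": ["Malware detected"],
    "Potentially unwanted application (PUA)": [
        "Potentially unwanted application (PUA) blocked"],
    "Web control": ["Web threat events"],
    "Download reputation": ["User deleted low reputation download",
                            "Low reputation download automatically deleted"],
    "App Reputation": ["Low reputation app detected"],
}
LABEL_TO_GROUP = {l.casefold(): g for g, ls in GROUPS.items() for l in ls}

def summarize(csv_file, type_col="Event Type", device_col="Device"):
    """Count events and distinct affected devices per group (column names are assumed)."""
    events, devices, unmatched = Counter(), {}, 0
    for row in csv.DictReader(csv_file):
        group = LABEL_TO_GROUP.get((row.get(type_col) or "").strip().casefold())
        if group is None:
            unmatched += 1  # row is not one of the threat event types listed above
            continue
        events[group] += 1
        devices.setdefault(group, set()).add((row.get(device_col) or "").strip().lower())
    return {"events": dict(events), "unmatched": unmatched,
            "devices": {g: len(d) for g, d in devices.items()}}

# Constructed sample rows (including a made-up non-threat event), not real export data.
SAMPLE = """When,Event Type,Device
2024-01-03 10:01,Malware detected,PC-001
2024-01-03 10:05,Malware detected,pc-001
2024-01-04 08:12,Ransomware detected,PC-014
2024-01-04 09:30,Potentially unwanted application (PUA) blocked,PC-020
2024-01-05 11:45,Update succeeded,PC-001
"""

if __name__ == "__main__":
    print(summarize(io.StringIO(SAMPLE)))
```

A high `unmatched` count usually means the assumed column name or label spelling does not match the export, so check that before reporting the numbers.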