Hi all, I searched the forum and did not find any clear info about my question.
I am installing an infrastructure with Sophos XG and RED at remote offices, and I'm new to Sophos systems.
Also, I would like to monitor all traffic (including RED traffic, so that all workstations in the remote offices are covered) with Security Onion. I wonder whether the best bet is to configure Sophos to send all logs to Security Onion via syslog, or whether I could configure a TAP or SPAN port, and if so, in which position?
I think the diagram I attached below will help you understand what I am talking about.
I would appreciate it if someone with more experience than me could tell me the best option for getting all network data into Security Onion using this Sophos infrastructure.