
What kind of data can be analyzed in Discover Mode

Dear All,

We know it's simple to enable TAP/Discover mode in Sophos XG,

but does anyone know what kind of data can be analyzed in this mode?

Host traffic?
Web/Application category?
Malware? IPS?
Or ATP?

Thanks~

  • Shunze,

    AFAIK SAR includes all the information that is passed to XG in terms of network and web traffic. So all the above data should be available. In TAP mode, remember that you cannot block traffic.

    You can schedule SAR even if the XG is deployed in routing/bridge or mixed mode, so I would recommend you enable it on an XG and then you can see what traffic is reported.

    Regards

  • So you mean the TAP mode can also identify the IPS attacks?

    Even though we cannot specify the IPS modules, can all of the 8901 IPS patterns be detected?

  • Shunze,

    I found the Sophos SAR example on Partner Portal.

    5415.ET802_Sample_SAR.docx

    Enjoy it!

  • It has been a question mark for the product!

    I have been searching for any document which mentions what type of traffic it could analyze; as of now I could only see the web and application traffic.

    I have a case currently going also, where the customer wants to see the spam email from the discover port, but there is no way you could make a firewall policy and apply it to discover traffic.

    I have been using FortiGate and they do have a one-arm sniffer interface (same as discover in Sophos XG), but the beauty is you could also create a sniffer firewall rule and apply your own filters, so you can analyze the traffic the way you want and get the reports of anything: malicious traffic, emails, web, application and so on.

     

    Dear Sophos,

    I am sure this is a pretty bad limitation for users who want to analyze or, let's say, same as in my case, I am doing a POC for Sophos XG.

    Simple visibility of network traffic is not important, but the action it could take after analysis is what the customer wants to see at any POC.

    Please let us know if there is any way we could achieve it.