
What kind of data can be analyzed in Discover Mode

Dear All,

We know it's simple to enable TAP/Discover mode in Sophos XG,

but does anyone know what kind of data can be analyzed in this mode?

Host traffic?
Web/Application category?
Malware? IPS?
Or ATP?

Thanks~



This thread was automatically locked due to age.
  • It has been a question mark for the product!

    I have been searching for any document which mentions what type of traffic it could analyze; as of now I could only see the web and application traffic.

    I also have a case currently going where the customer wants to see the spam email from the discover port, but there is no way you could make a firewall policy and apply it to discover traffic.

    I have been using FortiGate and they do have a one-arm sniffer interface (same as discover in Sophos XG), but the beauty is you could also create a sniffer firewall rule and apply your own filters, so as to analyze the traffic the way you want and get reports of anything: malicious traffic, emails, web, application and so on.

    Dear Sophos,

    I am sure this is a pretty bad limitation for users who want to analyze or, let's say, same as in my case, I am doing a POC for Sophos XG.

    Simply visibility of network traffic is not important, but the action it could take after analysis is what the customer wants to see at any POC.

    Please let us know if there is any way we could achieve it.
