Viewing Your Sophos Central Events and Alarms

Overview
USM Anywhere Architecture
USM Anywhere Data Security
USM Anywhere Log Data Enhancement
USM Anywhere Quick Start Guides
USM Anywhere Deployment Guide
USM Anywhere User Guides
USM Anywhere Agents Guide
USM Anywhere BlueApps Guide
- Overview
- BlueApps UI
- Advanced BlueApps Best Practices
- BlueApps and Data Sources
- Assign Assets to BlueApps
- Events Created When BlueApps Stop Receiving Data
- BlueApps Parser Syntax
- Advanced BlueApps
  - Overview
  - BlueApp for Akamai Enterprise Application Access
  - BlueApp for Akamai Enterprise Threat Protector
  - BlueApp for LevelBlue Forensics and Response
  - BlueApp for LevelBlue Secure Remote Gateway
  - BlueApp for Box
  - BlueApp for VMWare Carbon Black Cloud
  - BlueApp for Carbon Black EDR
  - BlueApp for Check Point
  - BlueApp for Cisco Duo
  - BlueApp for Cisco Firepower Management
  - BlueApp for Cisco Meraki
  - BlueApp for Cisco Secure Endpoint
  - BlueApp for Cisco Secure Firewall ASA
  - BlueApp for Cisco Umbrella
  - BlueApp for Cloudflare
  - BlueApp for ConnectWise
  - BlueApp for CrowdStrike Falcon
  - BlueApp for DDI Frontline VM
  - BlueApp for Fortinet FortiGate
  - BlueApp for Fortinet FortiManager
  - BlueApp for G Suite
  - BlueApp for Jira
  - BlueApp for Lookout
  - BlueApp for McAfee ePO
  - BlueApp for Microsoft Defender ATP
  - BlueApp for Mimecast Events Collection
  - BlueApp for MobileIron Threat Defense
  - BlueApp for Office 365
  - BlueApp for Okta
  - BlueApp for Oracle Database
  - BlueApp for Palo Alto Networks PAN-OS
  - BlueApp for Palo Alto Networks Panorama
  - BlueApp for Palo Alto Networks Prisma Access
  - BlueApp for Qualys
  - BlueApp for Salesforce
  - BlueApp for SentinelOne
  - BlueApp for ServiceNow
  - BlueApp for Sophos Central
    - Overview
    - Configuring the BlueApp for Sophos Central
    - Verifying the BlueApp for Sophos Central Collection Jobs
    - Viewing Your Sophos Central Events and Alarms
    - BlueApp for Sophos Central Actions
    - Creating Sophos Central Response Action Rules
  - BlueApp for SpyCloud Dark Web Monitoring
  - BlueApp for Tenable.io
  - BlueApp for Zscaler
- BlueApps List
- Custom BlueApps and Log Parsers
- Request for a New BlueApp or Update to an Existing BlueApp

Role Availability | ❌ Read-Only ❌ Investigator ✔️ Analyst ✔️ Manager BlueApp for Sophos Central translates the Sophos event and alert data collected through the USM Anywhere Sensor into events for analysis. These normalized are accessible from the Events page.

A correlation rule automatically identifies Sophos Central alerts where there is a threat detected for malware on an endpoint, and it generates a USM Anywhere . If you want to generate an alarm for other types of Sophos Central events or alerts, you can create your own custom alarm rules and define the matching conditions to fit your criteria.

To view Sophos Central events

Select Activity > Events to open the events page.
If the Search & Filters panel is not displayed, click the icon to expand it. USM Anywhere includes several filters displayed by default.
Scroll down to the Data Source filter and select Sophos Central JSON to display only those events on the page.
If this filter is not displayed, click the Configure filters link, which is in the upper left corner of the page, to configure filters for the page. See Managing Filters for more information about configuring filters for pages.
Select an event in the list to view detailed information.

Verifying the BlueApp for Sophos Central Collection Jobs BlueApp for Sophos Central Actions

USM Anywhere™

USM Central™

Automated Policy Manager

Viewing Your Sophos Central Events and Alarms