Sophos Firewall

Integrate. Simplify. Protect.

Collect and store Sophos Firewall logs while arming the Blackpoint SOC with the network telemetry it needs to detect threats and investigate incidents. With OCSF-mapped data, field-level search, and a full year of included storage, this integration covers compliance and security in one step.

Sophos Firewall + CompassOne Overview

01 Capture Sophos Firewall data across your network


Forward traffic, event, VPN, SSL inspection, user authentication, policy, and admin logs from your Sophos Firewalls into CompassOne — indexed, searchable, and ready for analysis.

02 Boost SOC visibility and incident response


Integrating Sophos Firewall data gives the 24/7 Blackpoint SOC deeper network telemetry to spot anomalies, triage events, and investigate incidents across your environment.

03 Satisfy compliance, insurance, and regulatory needs


Retain firewall logs to meet regulatory standards, support cyber insurance requirements, and streamline audit cycles. Built-in search makes periodic log reviews efficient and painless.

04 In-depth log search


Query Sophos Firewall events by time range, field values, keywords, and advanced syntax to pinpoint exactly what you need — from routine audits to active investigations.

05 Organized in a standardized schema


CompassOne maps Sophos Firewall logs to the Open Cybersecurity Schema Framework (OCSF), making them structured, searchable by field, and compatible with third-party tools for parsing, visualization, and analysis.

06 Complimentary storage with room to grow


Get 12 months of Sophos Firewall log storage at no extra cost. When you need longer retention, extend at a consistent monthly rate with no usage surprises.

07 Up and running in minutes


The Blackpoint Agent already protecting your endpoints doubles as your log collector. Configure your Sophos Firewall to send syslog to the agent, and events begin flowing into CompassOne right away.