Blumira’s modern cloud SIEM platform integrates with Sophos XG Firewalls to detect cybersecurity threats and provide an actionable response to remediate when a threat is detected.
When configured, the Blumira integration with Sophos XG Firewall appliance will stream security event logs to the Blumira service for threat detection and actionable response.
Learn more about enabling Blumira’s blocklists to block malicious source IP addresses and domains for automated threat response.
Related Integration: Sophos Central
Configuring the Syslog Server
This article provides information on how to set up the Sophos XG Firewall to send logs to Blumira’s sensor.
Start by logging into your Sophos XG Firewall and follow these steps:
- Go to System Services > Log Settings and click Add to configure a syslog server.
Configure the following log settings:
- Name for the syslog server like “BlumiraSensor”
- IP Address of the Blumira Sensor.
- Port number 514, the port the Sensor listens on for syslog
- Leave the default Facility of DAEMON; the facility value generally has no effect on the Blumira Sensor
- Select the Severity Level of Informational (you may want to move to Debug in the future, but Informational is a good starting point)
- Leave the default Format of Device Standard Format
- Click Save to save the new Blumira Sensor syslog server log settings
Sophos documentation on how to add a Syslog server: https://community.sophos.com/kb/en-us/123184
Next, specify which Sophos logs get sent to the Blumira sensor:
- Go to System Services > Log Settings
- Select all checkboxes under Syslog, unless a log category is not needed or not licensed.
- Ensure that the Log Traffic option is enabled in each Firewall Rule; otherwise, traffic matched by that rule will not be logged or sent to the sensor.
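As an added example (not code from Blumira or Sophos), the following Python snippet parses the key=value lines that Device Standard Format produces and checks whether firewall-rule traffic logs are actually arriving, which is the quickest way to confirm the Log Traffic setting above took effect. The sample lines and field names are constructed from the general shape of that format and are assumptions, not output captured from a real appliance.

```python
import re
from collections import Counter

# Constructed sample lines in the Sophos XG "Device Standard Format" style
# (space-separated key=value pairs, quoted when the value contains spaces).
# Field names and values are assumptions for illustration only.
SAMPLE_LINES = [
    'device="SFW" date=2021-03-04 time=10:15:01 timezone="UTC" device_name="XG-EDGE" '
    'log_id=010101600001 log_type="Firewall" log_component="Firewall Rule" '
    'log_subtype="Allowed" status="Allow" priority=Information fw_rule_id=12 '
    'src_ip=10.0.1.25 dst_ip=203.0.113.7 protocol="TCP" src_port=51234 dst_port=443',
    'device="SFW" date=2021-03-04 time=10:15:02 timezone="UTC" device_name="XG-EDGE" '
    'log_id=010202601001 log_type="Firewall" log_component="Firewall Rule" '
    'log_subtype="Denied" status="Deny" priority=Information fw_rule_id=0 '
    'src_ip=198.51.100.9 dst_ip=10.0.1.25 protocol="TCP" src_port=40000 dst_port=3389',
    'device="SFW" date=2021-03-04 time=10:15:03 timezone="UTC" device_name="XG-EDGE" '
    'log_id=062009017501 log_type="Event" log_component="Firewall Authentication" '
    'log_subtype="Authentication" status="Successful" priority=Information user_name="alice"',
]

# key=value where the value is either double-quoted (may contain spaces) or bare.
_KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_device_standard(line):
    """Parse one Device Standard Format line into a dict of field -> value."""
    fields = {}
    for match in _KV_RE.finditer(line):
        key, quoted, bare = match.groups()
        fields[key] = quoted if quoted is not None else bare
    return fields


def summarize(lines):
    """Count (log_type, log_subtype) pairs in a batch of received lines."""
    counts = Counter()
    for line in lines:
        fields = parse_device_standard(line)
        counts[(fields.get("log_type"), fields.get("log_subtype"))] += 1
    return counts


def traffic_logging_enabled(lines):
    """True if at least one Firewall Rule traffic log is present in the batch.

    A batch with no such entries (only Event or other components) is the
    symptom of Log Traffic being disabled in the firewall rules.
    """
    return any(parse_device_standard(l).get("log_component") == "Firewall Rule"
               for l in lines)
```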