Comment: Converted from version 'v7.0.8'.


Overview

The tags beginning with av.sophos identify log events generated by Sophos Endpoint Security and Control. Currently Devo supports several components of this suite.

...

The full tag must have three levels. The first two are fixed as av.sophos. The third level identifies the event type and must be one of applicationcontrol, devicecontrol, enterprise, events, tamperprotection, threatinstances, or threats. These correspond to log file names as generated by Sophos. The fourth tag level is not used.

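| Technology | Brand  | Type                                                                                             | Subtype  |
|------------|--------|--------------------------------------------------------------------------------------------------|----------|
| av         | sophos | applicationcontrol, devicecontrol, enterprise, events, tamperprotection, threatinstances, threats | Not used |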

Therefore, the valid tags include:

...

For more information, read more about Devo tags.
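The tag rules above can be checked before a forwarding configuration is rolled out, since a mistyped tag means events are not recognised as Sophos data. The following is an added example, not Devo's own code: the function names and the sample tags are constructed, and it assumes tags are written in lower case and that "not used" means a fourth level should be absent.

```python
# Added example: pre-deployment check of av.sophos tags (not Devo code).
# Event types are taken from the list on this page.
SOPHOS_TYPES = {
    "applicationcontrol", "devicecontrol", "enterprise", "events",
    "tamperprotection", "threatinstances", "threats",
}


def check_sophos_tag(tag):
    """Return (ok, reason) for a candidate tag string."""
    if not tag or tag != tag.strip():
        return False, "empty or has surrounding whitespace"
    levels = tag.split(".")
    if any(level == "" for level in levels):
        return False, "empty level (leading, trailing or doubled dot)"
    if levels[:2] != ["av", "sophos"]:
        return False, "first two levels must be av.sophos"
    if len(levels) < 3:
        return False, "third level (event type) is missing"
    if len(levels) > 3:
        # Assumption: "not used" is read as "must not be present".
        return False, "fourth level is not used for av.sophos"
    if levels[2] not in SOPHOS_TYPES:
        return False, f"unknown event type {levels[2]!r}"
    return True, "ok"


def audit(tags):
    """Return {tag: reason} for every tag that fails the check."""
    failures = {}
    for tag in tags:
        ok, reason = check_sophos_tag(tag)
        if not ok:
            failures[tag] = reason
    return failures


# Constructed sample: tags as they might be typed into a forwarder config.
SAMPLE_TAGS = [
    "av.sophos.threats",
    "av.sophos.threat",        # typo in the event type
    "av.sophos.events.host1",  # fourth level supplied
    "av.sophos",               # event type left out
    "av.sophos..devicecontrol",
]

if __name__ == "__main__":
    for tag, reason in audit(SAMPLE_TAGS).items():
        print(f"{tag}: {reason}")
```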

Configuration

These instructions cover forwarding events from Sophos log files saved on a Windows machine. In this case, we can install the Devo Agent for Windows on the machine and forward the events directly to Devo.

Use the MagicLog component of the Devo Agent to indicate where the files are, their names, and the specific tag to attach to the events. In MagicLog, you should add a folder for each log file you are forwarding to Devo. For information about where the Sophos log files are saved, consult the Sophos Endpoint Security and Control online resources.

...