av.sophos

Overview

The tags beginning with av.sophos identify log events generated by Sophos Endpoint Security and Control. Currently Devo supports several components of this suite.

Tag structure

The full tag must have three levels. The first two are fixed as av.sophos. The third level identifies the event type and must be one of applicationcontrol, devicecontrol, enterprise, events, tamperprotection, threatinstances, or threats. These correspond to log file names as generated by Sophos. The fourth tag level is not used.

Technology: av

Brand: sophos

Type:

  • applicationcontrol
  • devicecontrol
  • enterprise
  • events
  • tamperprotection
  • threatinstances
  • threats

Therefore, the valid tags include:

  • av.sophos.applicationcontrol
  • av.sophos.devicecontrol
  • av.sophos.enterprise
  • av.sophos.events
  • av.sophos.tamperprotection
  • av.sophos.threatinstances
  • av.sophos.threats

Once the Sophos Endpoint Security and Control events are delivered to Devo, they will be accessible from the Finder in tables with the same names.

For more information, read more about Devo tags.
