Sophos Central

The IBM QRadar DSM for Sophos Central collects events from the Sophos Central database.

To integrate Sophos Central with QRadar, complete the following steps:
  1. If automatic updates are not enabled, RPMs are available for download from the IBM® support. Download and install the most recent version of the following RPMs on your QRadar Console.
    1. Sophos Central DSM RPM
    2. Sophos Central PROTOCOL RPM
  2. Configure your Sophos Central device to send events to QRadar. For more information, see Sophos Central protocol configuration options.