Sophos Monitoring

Posted on  by admin

Monitoring syslog data from Sophos UTM is great, until the syslog stream is interrupted or when you need to reboot the syslog receiver. When that occurs, you end up with gaps in your reporting data!

Sophos is retiring this product on 20 July 2023. For product retirement details, see our retirement calendar. Information about behavior monitoring and the run-time detection methods being used can be found on the Enterprise Console Help HTML online documentation.

You can monitor and configure Windows Firewall (and monitor other registered firewalls) on your computers and servers using a Windows Firewall policy.

You can apply a Windows Firewall policy to individual devices (computers or servers) or to groups of devices.

Warning: Other firewalls or your Windows Group Policy settings may affect how the policy is applied on individual computers and servers.

We advise that you test any firewall rules you create (locally or via Group Policy) to make sure that communication with Sophos is allowed.

Note: If an option is locked, global settings have been applied by your partner or Enterprise administrator.

Go to Endpoint Protection > Policies to manage Windows Firewall.

To set up a policy, do as follows:

  • Create a Windows Firewall policy.
  • Open the policy's Settings tab and configure it as described below. Make sure the policy is turned on.

Monitor Type

In Monitor Type, select the level of monitoring you want:

  • Monitor Only. Devices will report their firewall status to Sophos Central. This is the default option.
  • Monitor & Configure Network Profiles. Devices will report their firewall status to Sophos Central. You can also choose whether to block or allow inbound connections on Domain Networks, Private Networks, and Public Networks.

    Choose from:

    • Block All
    • Block (with exceptions). You must set up the exceptions locally on the computer or server. If you don't set up exceptions, all inbound connections are blocked.
    • Allow All
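
To check on a device which of the inbound options above is actually in force for each network profile, the following read-only PowerShell audit can be run locally. It is an added example, not Sophos code. It assumes the three options correspond to the Windows settings named in its comments, and the function name `Get-InboundFirewallMode` is hypothetical.

```powershell
# Added example: read-only audit of the effective inbound mode per firewall profile.
# Assumed mapping of the policy options to Windows settings:
#   Block All               -> AllowInboundRules = False (inbound allow rules ignored)
#   Block (with exceptions) -> DefaultInboundAction = Block, allow rules honoured
#   Allow All               -> DefaultInboundAction = Allow
function Get-InboundFirewallMode {
    # ActiveStore is what is enforced now: local settings merged with Group Policy.
    $allowRules = Get-NetFirewallRule -PolicyStore ActiveStore -Direction Inbound `
                      -Enabled True -Action Allow -ErrorAction SilentlyContinue

    foreach ($p in Get-NetFirewallProfile -PolicyStore ActiveStore) {
        # NotConfigured falls back to the Windows defaults: inbound Block, rules honoured.
        $blocks    = "$($p.DefaultInboundAction)" -ne 'Allow'
        $rulesUsed = "$($p.AllowInboundRules)" -ne 'False'

        # A rule's Profile is a flag set such as "Domain, Private", or "Any".
        $exceptions = @($allowRules | Where-Object {
            $names = "$($_.Profile)" -split ',\s*'
            ($names -contains 'Any') -or ($names -contains $p.Name)
        }).Count

        if ("$($p.Enabled)" -ne 'True') { $mode = 'Firewall off' }
        elseif (-not $blocks)           { $mode = 'Allow All' }
        elseif (-not $rulesUsed)        { $mode = 'Block All' }
        else                            { $mode = 'Block (with exceptions)' }

        # Block (with exceptions) without any rule behaves like Block All.
        $warning = ''
        if ($mode -eq 'Block (with exceptions)' -and $exceptions -eq 0) {
            $warning = 'No inbound exceptions: all inbound connections are blocked'
        } elseif ($mode -in 'Allow All', 'Firewall off') {
            $warning = 'Inbound connections are not filtered on this profile'
        }

        [pscustomobject]@{
            Profile    = $p.Name      # Domain, Private or Public
            Mode       = $mode
            Exceptions = $exceptions  # enabled inbound allow rules for this profile
            Warning    = $warning
        }
    }
}

Get-InboundFirewallMode | Format-Table -AutoSize
```

Because it reads the active store, the output reflects any Group Policy or local settings that override what the policy requested.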