
Mobile alerting with tracking & escalation for Sophos


Why SIGNL4

Sophos provides endpoint protection with artificial intelligence and EDR, giving you defense against malware, exploits, and ransomware.

How it Works

Sophos-generated emails are sent to the SIGNL4 team email address. Each such email then triggers an alert to the on-call team members for collaboration and acknowledgement.

Integration Capabilities

  • Security teams are alerted via mobile push, text and voice
  • Integration with SIGNL4 via email (SMTP)
  • Staff can acknowledge and take ownership of critical events that occur
  • Alerts are escalated in case of no response
  • Communicate within an alert to address a particular problem
  • Tracking and visibility of problem solutions
  • Integrated on-call duty planning
  • Alert on critical intrusions and malware

Scenarios

  • Security Intrusion
  • Malware Protection
  • Virus Protection
  • Ransomware Protection

Tickets and Incidents are sent to SIGNL4

Event categorization, routing and automated delivery

Persistent Notifications by push, text and voice call with Tracking, Escalation and Confirmation to Staff on Duty

HOW TO INTEGRATE

In this example we use Sophos to monitor critical servers for suspicious activity. We set up a new user within Sophos that carries the SIGNL4 team email address, so the team receives Sophos alerts in real time.

SIGNL4 is a mobile alert notification app for powerful alerting, alert management and mobile assignment of work items.  Get the app at https://www.signl4.com

Prerequisites

A SIGNL4 (https://www.signl4.com) account

Sophos (https://www.sophos.com/) account


Download the installer located under Configure > Protect Devices.


Run the installer on the desired machine. In this case we used a local VM server.

On the Overview menu, select Global Settings > Configure Email Alerts.

Create a new user and give that user the SIGNL4 team email address. This automatically sets the "Receive Alerts" tab to YES.

Now let's generate some unwanted activity. Navigate to the following KB article: https://community.sophos.com/kb/en-us/10027

To test the Malicious Traffic Detection feature, do the following:

  • Copy the following text and paste it into a text document:

' Sophos MTD test script from the KB article above: it issues one HTTP GET
' to the Sophos test domain so that Malicious Traffic Detection fires.
Set o = CreateObject("MSXML2.XMLHTTP")
' Rnd appends a random value so the request is not served from a cache.
o.open "GET", "http://sophostest.com/mtdtest/2/" & Rnd, False
o.send

  • Name the file mtd.vbs.
  • Double-click the file to trigger a detection.

If the MTD feature is active, you will receive a C2/generic-B detection on the endpoint. The Sophos Network Threat Protection feature must be installed for MTD to function. This is only available in Sophos Central and Sophos Enterprise Console with managed Sophos Endpoint 10.6.0 and above.

Note: All of the files contained in this article should be used for testing purposes only.


SIGNL4 will now route the alert to the team member who is on call and/or on duty. Further augmentation should be done through the Systems and Services section to color-code and categorize alerts.

ALERT OPTIMIZATION

SIGNL4 can further increase the visibility of alerts through its Signals and Services section. Augmenting the color and icon of alerts provides more relevant information at a glance, without having to open the alert.


Change alert color and override title + text

Override text, colors and titles are triggered by keywords set within the mobile app.
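The keyword-driven categorization described above, as an added example that is not SIGNL4's or Sophos's own code: the script parses a Sophos-style alert email, applies an ordered list of keyword rules (the ones an operator would otherwise configure in the app), and produces the title, text, color and category that the alert would carry. The sample email, the field names in its body, the keyword rules and the colors are all constructed for illustration; real Sophos alert wording differs and the rules should be tuned against the alerts your own tenant sends.

```python
"""Keyword-based categorization of a Sophos-style alert e-mail.

Added example (not SIGNL4's or Sophos's own code). The e-mail text, the
'Key: value' body layout, the keyword rules and the colors are constructed
for illustration and are not the real Sophos alert format.
"""
import re
from dataclasses import dataclass
from email import message_from_string
from email.message import Message

# Constructed sample alert shaped like a notification Sophos might send to
# the SIGNL4 team address. Addresses, host name and timestamp are made up.
SAMPLE_ALERT_EMAIL = """\
From: noreply@example-sophos.invalid
To: team-abc123@example-signl4.invalid
Subject: Sophos Central alert: Malicious traffic detected on SRV-LAB-01
Content-Type: text/plain; charset=utf-8

Alert type: Malicious Traffic Detection
Severity: High
Device: SRV-LAB-01
Detection: C2/generic-B
Detected at: 2024-01-15 10:42:17 UTC
Details: Outbound connection to a known command and control address was blocked.
"""


@dataclass(frozen=True)
class OverrideRule:
    keyword: str   # matched case-insensitively against subject + body
    title: str     # replacement alert title shown in the app
    color: str     # color for the alert card (hex, constructed values)
    category: str  # routing category, mirroring the page's scenarios


# Rules are evaluated top to bottom and the first match wins, so the most
# specific / most urgent keywords must come first.
RULES = [
    OverrideRule("ransomware", "RANSOMWARE: isolate host now", "#b00020", "Ransomware Protection"),
    OverrideRule("C2/", "C2 traffic blocked", "#d84315", "Security Intrusion"),
    OverrideRule("malicious traffic", "Malicious traffic detected", "#ef6c00", "Security Intrusion"),
    OverrideRule("malware", "Malware detected", "#f9a825", "Malware Protection"),
    OverrideRule("virus", "Virus detected", "#f9a825", "Virus Protection"),
]
DEFAULT = OverrideRule("", "Sophos alert", "#546e7a", "Uncategorized")

# One 'Key: value' pair per line; digits are excluded from keys so that
# timestamps like '10:42:17' are not mistaken for a field separator.
FIELD_RE = re.compile(r"^(?P<key>[A-Za-z ]+):\s*(?P<value>.+)$", re.MULTILINE)


def parse_alert(raw: str) -> dict:
    """Return the e-mail subject plus the 'Key: value' fields of the body."""
    msg: Message = message_from_string(raw)
    body = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8")
    fields = {m.group("key").strip().lower(): m.group("value").strip()
              for m in FIELD_RE.finditer(body)}
    fields["subject"] = msg["Subject"] or ""
    fields["body"] = body
    return fields


def categorize(alert: dict) -> dict:
    """Apply the first matching keyword rule and build the outgoing alert."""
    haystack = (alert.get("subject", "") + "\n" + alert.get("body", "")).lower()
    rule = next((r for r in RULES if r.keyword.lower() in haystack), DEFAULT)
    device = alert.get("device", "unknown device")
    detection = alert.get("detection", "")
    title = rule.title + (f" ({detection})" if detection else "")
    return {
        "title": title,
        "text": f"{device}: {alert.get('details', alert.get('subject', ''))}",
        "color": rule.color,
        "category": rule.category,
        "severity": alert.get("severity", "unknown"),
    }


def process(raw: str) -> dict:
    """Parse and categorize one raw alert e-mail."""
    return categorize(parse_alert(raw))


if __name__ == "__main__":
    for key, value in process(SAMPLE_ALERT_EMAIL).items():
        print(f"{key:9}: {value}")
```

Rule order matters: the sample email mentions both "Malicious traffic" in its subject and a C2 detection name in its body, and the more specific "C2/" rule is placed first so the alert is titled for the command-and-control finding rather than the generic traffic category. An alert that matches no keyword falls through to a neutral default instead of being dropped, so a new Sophos alert type still reaches the on-duty team, just without the color and title override.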
