Why SIGNL4
Sophos provides endpoint protection with artificial intelligence and EDR, giving you defense against malware, exploits, and ransomware.
How it Works
Sophos-generated emails are sent to the SIGNL4 team email address. Each email then triggers an alert to the on-call duty members for collaboration and acknowledgment.
Integration Capabilities
Scenarios
In our example we use Sophos to monitor critical servers for suspicious activity. We set up a new user within Sophos whose email address is the SIGNL4 team email address, so that the alerts are received in real time.
SIGNL4 is a mobile alert notification app for powerful alerting, alert management and mobile assignment of work items. Get the app at https://www.signl4.com
Prerequisites
A SIGNL4 (https://www.signl4.com) account
A Sophos (https://www.sophos.com/) account
Integration Steps
' Sophos MTD test script (VBScript): requests a Sophos-hosted test URL so that
' Malicious Traffic Detection can raise a test detection on this endpoint.
' The random suffix keeps each request unique.
set o = createobject("MSXML2.XMLHTTP")
o.open "GET", "http://sophostest.com/mtdtest/2/" & rnd, FALSE
o.send
If the Malicious Traffic Detection (MTD) feature is active, you will receive a C2/generic-B detection on the endpoint. The Sophos Network Threat Protection feature must be installed for MTD to function. MTD is only available in Sophos Central and Sophos Enterprise Console with managed Sophos Endpoint 10.6.0 and above.
Note: All of the files contained in this article should be used for testing purposes only.
SIGNL4 can further increase the visibility of alerts through its Signals and Services section. Adjusting the color and icon of an alert provides more relevant information at a glance without having to open the alert.
Change Alert Color and Override Title + Text
Override text, colors and titles are triggered by keywords set within the mobile app.