Mobile alerting with tracking & escalation for Sophos
Sophos provides endpoint protection with artificial intelligence and EDR, giving you defense against malware, exploits, and ransomware.
How it Works
Sophos-generated emails are sent to the SIGNL4 team email address. Each email triggers an alert to the on-call duty members for collaboration and acknowledgment.
Security teams are alerted via mobile push, text and voice
Integration with SIGNL4 via email (SMTP)
Staff can acknowledge and take ownership of critical events that occur
Alerts are escalated in case of no response
Communicate within an alert to address a particular problem
Tracking and visibility of problem solutions
Integrated on-call duty planning
Alert on critical intrusions and malware
Tickets and incidents are sent to SIGNL4
Event categorization, routing and automated delivery
Persistent notifications by push, text and voice call with tracking, escalation and confirmation to staff on duty
HOW TO INTEGRATE
In our example we are using Sophos to monitor critical servers for suspicious activity. We set up a new user within Sophos whose email address is the SIGNL4 team email address, so that the team receives the alerts in real time.
SIGNL4 is a mobile alert notification app for powerful alerting, alert management and mobile assignment of work items. Get the app at https://www.signl4.com
To test the Malicious Traffic Detection feature, do the following:
Copy the following text and paste it into a text document:
set o = createobject("MSXML2.XMLHTTP")
o.open "GET", "http://sophostest.com/mtdtest/2/" & rnd, FALSE
o.send
Name the file mtd.vbs.
Double-click the file to trigger a detection.
If the MTD feature is active, you will receive a C2/generic-B detection on the endpoint. The Sophos Network Threat Protection feature must be installed for MTD to function. This is only available in Sophos Central and Sophos Enterprise Console with managed Sophos Endpoint 10.6.0 and above.
Note: All of the files contained in this article should be used for testing purposes only.
SIGNL4 will now route the alert to the team member who is on call and/or on duty. Further augmentation should be done through the Systems and Services section to color-code and categorize alerts.
ALERT OPTIMIZATION
SIGNL4 can further increase the visibility of alerts through its Signals and Services section. Augmenting the color and icon of alerts provides more relevant information at a glance, without having to open the alert.
Change alert color and override title + text
Override text, colors and titles are triggered by keywords set within the mobile app.
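The two mechanisms this page describes, an alert raised from an inbound Sophos email and a keyword-driven override of its color and title, can be illustrated end to end in a few lines. The following Python is an added example written for this page; it is not SIGNL4 or Sophos code. The email layout (the Device/Event/Detection fields), the keyword table and the color and title values are all constructed assumptions that mimic what a SIGNL4 keyword rule would produce, and the detection name C2/generic-B is the one the MTD test above triggers.

```python
"""Keyword-based augmentation of Sophos alert emails (added example, not vendor code)."""
import email
from email import policy

# Constructed sample of a Sophos Central notification as the SIGNL4 team
# address would receive it. The body field layout is an assumption.
SAMPLE_MTD_EMAIL = """\
From: noreply@central.sophos.example
To: team@signl4.example
Subject: Sophos Central: Malicious traffic detected on SRV-DB01
Content-Type: text/plain; charset=utf-8

Device: SRV-DB01
User: svc_backup
Event: Malicious traffic detected
Detection: C2/generic-B
Time: 2024-05-01T10:15:00Z
"""

# Constructed low-priority notification used to show the default path.
SAMPLE_INFO_EMAIL = """\
From: noreply@central.sophos.example
To: team@signl4.example
Subject: Sophos Central: Policy non-compliance on WKS-042
Content-Type: text/plain; charset=utf-8

Device: WKS-042
Event: Policy non-compliance
Time: 2024-05-01T10:20:00Z
"""

# Keyword rules in priority order; the first keyword found in the subject or
# body wins. Colors and titles are hypothetical override values.
KEYWORD_RULES = [
    ("ransomware", {"color": "red", "title": "Ransomware activity", "severity": "critical"}),
    ("c2/", {"color": "red", "title": "Command-and-control traffic", "severity": "critical"}),
    ("malicious traffic", {"color": "orange", "title": "Malicious traffic", "severity": "high"}),
    ("exploit", {"color": "orange", "title": "Exploit attempt", "severity": "high"}),
    ("malware", {"color": "orange", "title": "Malware detected", "severity": "high"}),
]
DEFAULT_OVERRIDE = {"color": "blue", "title": "Sophos notification", "severity": "low"}


def parse_sophos_alert(raw_email: str) -> dict:
    """Parse the raw email and pull out the subject and 'Key: value' body fields."""
    msg = email.message_from_string(raw_email, policy=policy.default)
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part is not None else ""
    fields = {}
    for line in body.splitlines():
        if ":" in line:
            key, value = line.split(":", 1)  # split once so timestamps keep their colons
            fields[key.strip().lower()] = value.strip()
    return {
        "subject": msg["subject"] or "",
        "body": body,
        "device": fields.get("device", "unknown"),
        "detection": fields.get("detection"),
        "event": fields.get("event"),
    }


def augment_alert(alert: dict) -> dict:
    """Apply the first matching keyword rule (or the default) to an alert."""
    haystack = (alert["subject"] + "\n" + alert["body"]).lower()
    for keyword, override in KEYWORD_RULES:
        if keyword in haystack:
            result = dict(override)
            result["matched_keyword"] = keyword
            break
    else:
        result = dict(DEFAULT_OVERRIDE)
        result["matched_keyword"] = None
    # Prefix the overridden title with the device so it is readable at a glance.
    result["title"] = f"{result['title']}: {alert['device']}"
    result["device"] = alert["device"]
    result["detection"] = alert["detection"]
    return result


def route_email(raw_email: str) -> dict:
    """Full path: inbound email -> parsed alert -> color/title override."""
    return augment_alert(parse_sophos_alert(raw_email))


if __name__ == "__main__":
    for sample in (SAMPLE_MTD_EMAIL, SAMPLE_INFO_EMAIL):
        print(route_email(sample))
```

Because rules are evaluated in order, the more specific C2/ keyword outranks the generic "malicious traffic" phrase that also appears in the same email; keeping the table ordered from most to least severe is what makes the color a reliable signal at a glance.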