
Sophos Logs

Evidence: Sophos Logs
Description: Collect Sophos Logs
Category: Applications
Platform: macos
Short Name: splgs
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes

Sophos maintains multiple log files on macOS including the main Anti-Virus log, updater log, and LiveQuery osquery logs. These logs capture real-time protection events, update activities, and endpoint detection query results.

This collector gathers structured data about Sophos logs.

This collector gathers Sophos log files from system-wide Library/Logs directories, including the main antivirus log, update logs, and LiveQuery/osquery logs for endpoint detection and response.

Sophos logs provide comprehensive security visibility including virus detections, update status, EDR queries, and system protection events. The LiveQuery logs reveal endpoint detection activities and security monitoring queries executed on the system.