Sophos Logs
Overview
Evidence: Sophos Logs
Description: Collect Sophos Logs
Category: Applications
Platform: windows
Short Name: sphsls
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
Sophos is a comprehensive endpoint security suite that includes antivirus, anti-malware, and network threat protection. It maintains logs across multiple components for various security functions, including real-time protection and network monitoring.
Data Collected
This collector gathers structured data about Sophos logs.
Collection Method
This collector gathers Sophos logs from multiple product components, including antivirus, anti-malware, and network threat protection, across both legacy and current installations.
Forensic Value
Sophos logs provide extensive security event data, including malware detections, network threat blocks, scan results, and intrusion attempts. They are essential for investigating multi-vector attacks and understanding the broader threat landscape on the host.