Sophos Enterprise Console

The IBM® QRadar® DSM for Sophos Enterprise Console provides two options for gathering events by using Java™ database connectivity (JDBC).

QRadar records all relevant anti-virus events.

To use the Sophos Enterprise Console JDBC protocol, the Sophos Reporting Interface must be installed with your Sophos Enterprise Console. If you do not have the Sophos Reporting Interface installed, configure QRadar by using the standard JDBC protocol instead. For information about installing the Sophos Reporting Interface, go to the Sophos Enterprise Console documentation (https://www.sophos.com/en-us/support/documentation/enterprise-console.aspx).

To integrate Sophos Enterprise Console with QRadar, complete the following steps:

  1. Configure the database view for Sophos Enterprise Console.
  2. Optional: If the Sophos Reporting Interface is installed on your Sophos Enterprise Console, use the Sophos Enterprise Console JDBC log source to collect events. For more information, see Sophos Enterprise Console JDBC log source parameters for Sophos Enterprise Console.
  3. Optional: If the Sophos Reporting Interface is not installed on your Sophos Enterprise Console, use the standard JDBC protocol to collect events. For more information, see JDBC log source parameters for Sophos Enterprise Console.