IBM Security QRadar

  • 1.  Sophos XG / Cyberoam DSM

    Posted Tue September 03, 2019 08:00 AM
    Hi,

    Is there anyone here who has a basic DSM for Sophos XG (birth name Cyberoam) NG-FW? It would be great if I could save some time by not creating one from scratch :)



    Thanks



    ------------------------------
    Laszlo Pal
    ------------------------------


  • 2.  RE: Sophos XG / Cyberoam DSM

    Posted Fri September 27, 2019 02:50 AM
    Hello.
    I parsed it yesterday. I can give you the regex codes and custom fields, then you just map the event name to the event category; if you don't, I can help you to do that. Please see the Excel file.

    ------------------------------
    Davit Ubilava
    ------------------------------

    Attachment: Sophos Firewall Regex.xlsx (16 KB)


  • 3.  RE: Sophos XG / Cyberoam DSM

    Posted Mon June 08, 2020 04:11 AM
    Edited by Cyber Bob Mon June 08, 2020 04:49 PM
    Hello, Davit.  Thank you for the XML file!  For anyone looking for a how-to video for Event Mapping in QRadar once you have the regex values in an XML, watch the following: https://www.youtube.com/watch?v=gN7JMpbuAy0

    As for the Event Mappings values I used, they were as follows:
    1.  Firewall Allow:
      1. Event Category = Allowed
      2. Event ID = Allow
      3. QID/Name = Firewall Permit - Event CRE
    2.  Firewall Deny:
      1. Event Category = Denied
      2. Event ID = Deny
      3. QID/Name = Firewall Deny - Event CRE
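The mapping above only covers the last step (event name to category/QID). As an added illustration that is not code from this thread or from Davit's extension, the following parses Sophos XG style key=value syslog lines and applies exactly the two mappings listed, so a lookup miss (a line with any other log_subtype/status) is reported as unmapped instead of being silently dropped; the sample lines and the assumption that the category comes from log_subtype and the event ID from status are constructed for this example.

```python
import re

# Constructed sample lines in Sophos XG key=value syslog style (not taken from the thread).
SAMPLE_LOGS = [
    'device="SFW" date=2019-09-03 time=08:00:00 timezone="CEST" device_name="XG210" '
    'log_id=010101600001 log_type="Firewall" log_component="Firewall Rule" '
    'log_subtype="Allowed" status="Allow" src_ip=10.0.0.5 dst_ip=93.184.216.34 dst_port=443',
    'device="SFW" date=2019-09-03 time=08:00:01 timezone="CEST" device_name="XG210" '
    'log_id=010102600002 log_type="Firewall" log_component="Firewall Rule" '
    'log_subtype="Denied" status="Deny" src_ip=10.0.0.9 dst_ip=10.0.0.1 dst_port=23',
]

# key=value pairs; the value is either a double-quoted string or a run of non-space characters.
KV_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')

# (Event Category, Event ID) -> QID/Name, exactly as listed in the post above.
EVENT_MAP = {
    ("Allowed", "Allow"): "Firewall Permit - Event CRE",
    ("Denied", "Deny"): "Firewall Deny - Event CRE",
}


def parse_kv(line):
    """Return the key=value fields of one log line as a dict (quotes stripped)."""
    fields = {}
    for m in KV_RE.finditer(line):
        # group 3 is the quoted value (may be ""), group 4 the unquoted one
        fields[m.group(1)] = m.group(3) if m.group(3) is not None else m.group(4)
    return fields


def map_event(fields):
    """Derive the QRadar event mapping for one parsed line.

    Assumption (constructed for this example): log_subtype supplies the
    Event Category and status supplies the Event ID. qid_name is None when
    the pair is not in EVENT_MAP, so unmapped events can be counted.
    """
    category = fields.get("log_subtype")
    event_id = fields.get("status")
    return {
        "category": category,
        "event_id": event_id,
        "qid_name": EVENT_MAP.get((category, event_id)),
    }


def map_lines(lines):
    """Map a batch of raw lines; returns (mapped, unmapped) lists."""
    mapped, unmapped = [], []
    for line in lines:
        result = map_event(parse_kv(line))
        (mapped if result["qid_name"] else unmapped).append(result)
    return mapped, unmapped
```

Running map_lines(SAMPLE_LOGS) maps both sample lines; any line whose category/ID pair is outside the two listed mappings lands in the unmapped list, which is where new mappings for the extension would be discovered.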


  • 4.  RE: Sophos XG / Cyberoam DSM

    Posted Fri October 11, 2019 10:13 AM
    Please see my Extension

    ------------------------------
    Davit Ubilava
    System Administrator
    Delta Consulting LLC
    Tbilisi, Georgia
    ------------------------------

    Attachment: SophosXGFirewall.xml (2 KB)


  • 5.  RE: Sophos XG / Cyberoam DSM

    Posted Fri October 11, 2019 12:25 PM

    Thanks a lot. Did you apply this as an extension? I've tried this but I have only SophosXG custom messages. You?

    Thanks

    Laszlo