AlienVault® USM Anywhere™

Configuring the AlienApp for Sophos Central

Role Availability Read-Only Analyst Manager

With a configured connection between the AlienApp for Sophos Central on a deployed USM Anywhere Sensor and your Sophos Central environment, the predefined log collection jobs perform scheduled API queries for Sophos events or alerts. After USM Anywhere collects and analyzes the first of these, the normalized events are available on the Events page.

Required Connectivity on the USM Anywhere Sensor

An AlienApp operates through a deployed USM Anywhere Sensor. To use the AlienApp for Sophos Central, you must open an additional port on the sensor to support its functions.

Port Endpoint Function
443 Collect event data from Sophos Central
443 Collect alert data from Sophos Central

Configuration for the Sophos Central Connection

To enable AlienApp for Sophos Central functionality within USM Anywhere, you must configure the AlienApp by providing a valid Sophos Central API token. After a successful connection to your Sophos Central environment, the AlienApp for Sophos Central log collection jobs query the API every 20 minutes for event and/or alert information. The AlienApp parses all collected data and displays it as Events and Alarms in USM Anywhere.