- Added a new Sophos Central endpoint metadata collection command
- Device Master Table has been renamed to Device Inventory Table
- Enhancements have been made to the Device Inventory Table, Asset Intelligence, Forensics, and Office 365 dashboards
- New Linux/Unix report
Sophos Central
Sophos is widely recognized as a leader in next-generation cyber security, and Cyences now gives Splunk users a way to bring information about their Sophos-protected endpoints into the app. Version 1.6.0 adds a Sophos endpoint metadata collection command that pulls this data through the Sophos Central API. Follow the configuration steps below to start feeding endpoint data into Cyences and get actionable insight into your security posture:
- Obtain the Client ID and Client Secret from your Sophos Central API credentials set. Create the credential set with the least-privileged role that can read endpoint data; collecting metadata does not need an administrative role.
- Navigate to Cyences App for Splunk > Settings > Configuration.
- Enter the Client ID and Client Secret in the Sophos Endpoint API Configuration section.
- Click Save.
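The steps above configure the credentials in the UI; the code below is an added example (not Cyences or Sophos code) of the request sequence such a collector has to perform with them. It assumes the public Sophos Central calls documented by Sophos: an OAuth2 client-credentials token request, `GET /whoami/v1` to learn the tenant ID and the regional data host, and `GET {dataRegion}/endpoint/v1/endpoints` with cursor pagination via `pages.nextKey`. The transport is injected so the flow runs offline against a constructed fake; the hostnames, IDs and health values in it are made up.

```python
"""Added example: Sophos Central endpoint collection flow with an injectable transport."""
from typing import Callable, Dict, List, Tuple
from urllib.parse import parse_qs, urlencode, urlsplit

TOKEN_URL = "https://id.sophos.com/api/v2/oauth2/token"
WHOAMI_URL = "https://api.central.sophos.com/whoami/v1"

# transport(method, url, headers, body) -> (http_status, parsed_json)
Transport = Callable[[str, str, Dict[str, str], str], Tuple[int, dict]]


def get_token(transport: Transport, client_id: str, client_secret: str) -> str:
    """OAuth2 client-credentials grant; the secret travels only in this request body."""
    body = urlencode({"grant_type": "client_credentials", "client_id": client_id,
                      "client_secret": client_secret, "scope": "token"})
    status, data = transport("POST", TOKEN_URL,
                             {"Content-Type": "application/x-www-form-urlencoded"}, body)
    if status != 200 or "access_token" not in data:
        raise RuntimeError(f"token request failed: HTTP {status}")
    return data["access_token"]


def whoami(transport: Transport, token: str) -> Tuple[str, str]:
    """Resolve the tenant ID and the regional API host that holds the tenant's data."""
    status, data = transport("GET", WHOAMI_URL, {"Authorization": f"Bearer {token}"}, "")
    if status != 200:
        raise RuntimeError(f"whoami failed: HTTP {status}")
    return data["id"], data["apiHosts"]["dataRegion"]


def list_endpoints(transport: Transport, token: str, tenant_id: str,
                   data_region: str, page_size: int = 2) -> List[dict]:
    """Walk the cursor-paginated endpoint listing until pages.nextKey is absent."""
    items, next_key = [], None
    while True:
        url = f"{data_region}/endpoint/v1/endpoints?pageSize={page_size}"
        if next_key:
            url += f"&pageFromKey={next_key}"
        status, data = transport("GET", url, {"Authorization": f"Bearer {token}",
                                              "X-Tenant-ID": tenant_id}, "")
        if status != 200:
            raise RuntimeError(f"endpoint listing failed: HTTP {status}")
        items.extend(data.get("items", []))
        next_key = data.get("pages", {}).get("nextKey")
        if not next_key:
            return items


def to_inventory_rows(endpoints: List[dict]) -> List[dict]:
    """Flatten each endpoint to the fields an inventory table would key on."""
    return [{
        "sophos_id": e.get("id"),
        "hostname": e.get("hostname"),
        "ip": (e.get("ipv4Addresses") or [None])[0],
        "os": e.get("os", {}).get("name"),
        "health": e.get("health", {}).get("overall"),
        "tamper_protection": e.get("tamperProtectionEnabled"),
    } for e in endpoints]


def collect(transport: Transport, client_id: str, client_secret: str) -> List[dict]:
    token = get_token(transport, client_id, client_secret)
    tenant_id, region = whoami(transport, token)
    return to_inventory_rows(list_endpoints(transport, token, tenant_id, region))


# ---- Constructed fake of the three Sophos Central responses (offline only) ----
FAKE_ENDPOINTS = [
    {"id": "e1", "hostname": "ws-101", "ipv4Addresses": ["10.0.0.5"], "os": {"name": "Windows 10"},
     "health": {"overall": "good"}, "tamperProtectionEnabled": True},
    {"id": "e2", "hostname": "srv-db1", "ipv4Addresses": ["10.0.1.20"], "os": {"name": "Ubuntu 20.04"},
     "health": {"overall": "suspicious"}, "tamperProtectionEnabled": False},
    {"id": "e3", "hostname": "laptop-7", "ipv4Addresses": [], "os": {"name": "macOS 12"},
     "health": {"overall": "good"}, "tamperProtectionEnabled": True},
]


class FakeSophos:
    """Stand-in transport: checks the secret, bearer token, tenant header and pagination."""
    def __init__(self, client_id: str = "cid", client_secret: str = "s3cret"):
        self.client_id, self.client_secret = client_id, client_secret
        self.region = "https://api-us01.central.sophos.com"

    def __call__(self, method, url, headers, body):
        if url == TOKEN_URL and method == "POST":
            form = parse_qs(body)
            ok = (form.get("client_id") == [self.client_id]
                  and form.get("client_secret") == [self.client_secret])
            return (200, {"access_token": "tok-123", "expires_in": 3600}) if ok \
                else (401, {"error": "invalid_client"})
        if headers.get("Authorization") != "Bearer tok-123":
            return 401, {"error": "Unauthorized"}
        if url == WHOAMI_URL:
            return 200, {"id": "tenant-abc", "idType": "tenant",
                         "apiHosts": {"global": "https://api.central.sophos.com",
                                      "dataRegion": self.region}}
        parts = urlsplit(url)
        if headers.get("X-Tenant-ID") != "tenant-abc" or not parts.path.endswith("/endpoint/v1/endpoints"):
            return 403, {"error": "Forbidden"}
        q = parse_qs(parts.query)
        size = int(q.get("pageSize", ["50"])[0])
        start = int(q.get("pageFromKey", ["0"])[0])  # the real nextKey is opaque; offsets here
        page = FAKE_ENDPOINTS[start:start + size]
        pages = {"nextKey": str(start + size)} if start + size < len(FAKE_ENDPOINTS) else {}
        return 200, {"items": page, "pages": pages}


if __name__ == "__main__":
    for row in collect(FakeSophos(), "cid", "s3cret"):
        print(row)
```

Two points worth carrying into a real collector: the client secret appears only in the token request body, so never log request bodies for that URL; and the token carries an `expires_in`, so a long-running input must refresh it rather than reuse one token indefinitely.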
Device Inventory
The Device Inventory dashboard has received several upgrades in 1.6.0. The Device Inventory Table can now automatically merge records that describe the same device, matching on the information available (hostname, IP address, etc.), so that a host reported by several data sources no longer appears as several devices. The table also assigns a unique UUID to each device it detects. Together these changes make the device count an accurate count of distinct machines rather than of records.
[Screenshots: Device Inventory Table before and after the 1.6.0 merge logic]
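As an added illustration of the merge behaviour described above (example code, not the app's own implementation), the function below takes device records from several sources, merges any that share a hostname or a non-loopback IP address, follows those links transitively, and gives each merged device one UUID. The merge keys, the loopback exclusion list, the `uuid5` namespace and the sample records are all this example's assumptions; Cyences may key on different fields.

```python
"""Added example: merging per-source device records into one inventory entry with a stable UUID."""
import uuid

# Fixed namespace so fallback UUIDs are reproducible across runs (assumption, not the app's).
NAMESPACE = uuid.UUID("3f2e1c4a-5b6d-4e7f-8a9b-0c1d2e3f4a5b")
# Addresses every host reports; using them as a merge key would collapse unrelated machines.
NON_UNIQUE_IPS = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample: five records describing three physical hosts.
SAMPLE_RECORDS = [
    {"source": "sophos", "hostname": "WS-101", "ips": ["10.0.0.5"]},
    {"source": "windows", "hostname": "ws-101.corp.example", "ips": ["10.0.0.5"]},
    {"source": "sophos", "hostname": "srv-db1", "ips": ["10.0.1.20", "127.0.0.1"]},
    {"source": "linux", "hostname": "SRV-DB1", "ips": []},
    {"source": "crowdstrike", "hostname": "laptop-7", "ips": ["127.0.0.1"]},
]


def merge_keys(rec):
    """Identity keys for one record: case-folded hostname plus each usable IP."""
    keys = []
    if rec.get("hostname"):
        keys.append(("host", rec["hostname"].lower()))
    for ip in rec.get("ips", []):
        if ip not in NON_UNIQUE_IPS:
            keys.append(("ip", ip))
    return keys


def merge_devices(records, known_ids=None):
    """Union-find over records; any shared key joins two records, transitively.

    known_ids maps a key -> UUID assigned on an earlier run, so a device keeps
    its ID when it gains a new address; otherwise a uuid5 of its keys is used.
    """
    known_ids = known_ids or {}
    parent = list(range(len(records)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    owner = {}
    for i, rec in enumerate(records):
        for key in merge_keys(rec):
            if key in owner:
                parent[find(i)] = find(owner[key])
            else:
                owner[key] = i

    groups = {}
    for i, rec in enumerate(records):
        groups.setdefault(find(i), []).append(rec)

    devices = []
    for members in groups.values():
        keys = sorted({k for m in members for k in merge_keys(m)})
        reused = [known_ids[k] for k in keys if k in known_ids]
        dev_id = reused[0] if reused else str(
            uuid.uuid5(NAMESPACE, "|".join(f"{t}={v}" for t, v in keys)))
        devices.append({
            "uuid": dev_id,
            "hostnames": sorted(v for t, v in keys if t == "host"),
            "ips": sorted(v for t, v in keys if t == "ip"),
            "sources": sorted({m["source"] for m in members}),
            "record_count": len(members),
        })
    return sorted(devices, key=lambda d: d["hostnames"])


if __name__ == "__main__":
    print(f"{len(SAMPLE_RECORDS)} records -> {len(merge_devices(SAMPLE_RECORDS))} devices")
    for dev in merge_devices(SAMPLE_RECORDS):
        print(dev)
```

Note the two edge cases the sample exercises: the FQDN and short hostname of `ws-101` differ, so only the shared IP links them, and `laptop-7` reports only a loopback address, so it stays separate. On a DHCP network an address can move between machines over time, so a production merge should also bound how old the IP observation is before treating it as an identity key.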
Asset Intelligence
The Asset Intelligence dashboard has received several enhancements that let Splunk users search their machines for multiple IP addresses and users at once: the search filters now accept comma-separated values. A new lookup has also been added to this dashboard to support the Device Inventory Table.
Forensics
Performing a drilldown from anywhere on this dashboard now generates the selected query with the appropriate data model search instead of `index=*`. A data-model search is scoped to the relevant, normalized events (and can use acceleration), whereas `index=*` scans every index the user can read and is both slower and harder to reason about from an access-control standpoint.
Office 365
A new search filter named Logon Error has been added to the Failed Logins dashboard panel to aid with the security audit process.
Linux/Unix
A new report named Linux/Unix has been added to the Cyences app. It contains security-relevant host information such as users with sudo privileges, open and listening ports, network interfaces on each host, and mount points on each host.
Written by Ahad Ghani.
Any questions, comments, or feedback are appreciated! Leave a comment or send me an email at uhoulila@cr.jlizardo.com with any questions you might have.