Sophos Connector

1. Sophos Connector Configuration

  1. Go to the XDR platform.
  2. Navigate to Connectors > Ingestion.
  3. Select Event Connector and click Configure.
  4. Enter the Collector ID and Password.
  5. Click Validate and Save.

2. System Requirements

✅ Prerequisites:

Start the Docker service:

systemctl start docker

Obtain your system’s IP address for use in the Sophos firewall configuration.


3. Firewall Configuration

For Linux/macOS (firewall-cmd is the firewalld client, so firewalld must be installed and running):

firewall-cmd --permanent --add-port=514/udp
firewall-cmd --reload

For Windows (Run in PowerShell as Administrator):

New-NetFirewallRule -DisplayName "Allow UDP Port 514" -Direction Inbound -Protocol UDP -LocalPort 514 -Action Allow
New-NetFirewallRule -DisplayName "Allow UDP Port 514" -Direction Outbound -Protocol UDP -LocalPort 514 -Action Allow

4. Docker Image Setup

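Download the Docker image from the provided URL (replace placeholders with actual values). The collector password is passed as a query parameter, so keep the completed URL out of shared shell history and notes: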

https://connectors-xdr.seqrite.com/connectors/collector/download?collectorId=<COLLECTOR_ID>&password=<COLLECTOR_PASSWORD>&tid=<TENANT_ID>

Load the Docker image:

docker load --input <path_to/hhcollector-1.0.0.tar>

Start the agent container:

docker run -p 514:514/udp \
  --env COLLECTOR_ID=<COLLECTOR_ID> \
  --env TID=<TENANT_ID> \
  hhcollector
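
Before pointing the firewall at this host, it helps to confirm that UDP 514 is bound on an address the firewall can reach. The script below is an added example, not part of the vendor documentation: it classifies `ss -H -uln` output, and it assumes iproute2's ss and systemd are available. The function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that the collector host can receive Sophos syslog on UDP 514.
# Assumptions: iproute2 `ss` and systemd are present; the sample text is constructed.

# classify_udp514 [port] reads `ss -H -uln` output on stdin and prints:
#   reachable - a socket is bound to the port on a non-loopback address
#   loopback  - the port is bound only on 127.0.0.0/8 or ::1 (firewall cannot reach it)
#   missing   - nothing is bound to the port
classify_udp514() {
  awk -v suffix=":${1:-514}" '
    {
      # The local address is the first field ending in ":<port>".
      for (i = 1; i <= NF; i++) {
        cut = length($i) - length(suffix)
        if (cut > 0 && substr($i, cut + 1) == suffix) {
          addr = substr($i, 1, cut)
          if (addr ~ /^127\./ || addr == "[::1]") lo = 1; else pub = 1
          break
        }
      }
    }
    END { print (pub ? "reachable" : (lo ? "loopback" : "missing")) }'
}

# preflight runs the checks against the live host.
preflight() {
  systemctl is-active --quiet docker || { echo "docker service is not active"; return 1; }
  state=$(ss -H -uln | classify_udp514 514)
  echo "UDP 514 listener: $state"
  [ "$state" = reachable ]
}

# Constructed samples of `ss -H -uln` output.
SAMPLE_OK='UNCONN 0 0 0.0.0.0:514 0.0.0.0:*
UNCONN 0 0 127.0.0.1:323 0.0.0.0:*'
SAMPLE_LOOPBACK='UNCONN 0 0 127.0.0.1:514 0.0.0.0:*'

if [ "${1:-}" = "--live" ]; then
  preflight
else
  printf '%s\n' "$SAMPLE_OK" | classify_udp514
  printf '%s\n' "$SAMPLE_LOOPBACK" | classify_udp514
fi
```

Invoked with `--live`, the script checks the running host instead of the constructed samples. A `loopback` result means the port was published only on 127.0.0.1 and the firewall's syslog traffic will not arrive.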

5. Sophos Firewall Configuration

  1. Log in to the Sophos Web Interface.
  2. Navigate to System Services > Log Settings.
  3. Under Syslog Server, click Add.
  4. Configure:

    • Server IP Address: Enter the static IP of the event collector machine.
    • Port: 514 (UDP)
  5. Click Save.
  6. In the Log Settings section, right-click on All and select Apply to enable log forwarding.