Log Types: SophosDataControlLog
Overview
Sophos data loss protection (DLP) is designed to reduce the risk of accidental data transfer by employees. DLP produces Data Control events and may be available in the following appliances/applications: Central Endpoint Advanced, Sophos Cloud Managed Server, and Sophos Endpoint Security and Control.
Collection
Data Control logs are generally append-only files that are sent to the Snare Central server using the ‘Epilog’ agent.
Sample Events
Not available.
Fields
Field | Description |
---|---|
DATE | Event date, in the format YYYY-MM-DD |
TIME | Event time, in the format HH:MM:SS |
SYSTEM | The source system |
TABLE | SophosDataControlLog |
USERNAME | The user who initiated the event |
COMPUTER | The source computer |
SOURCEPATH | |
DESTINATIONPATH | |
FILENAME | |
DESTTYPE | Destination type |
STRINGS | Any other content within the event that is not assigned to the fields above |