Acronis integration
You can integrate Acronis Cyber Protect with Sophos Central so that it sends alerts to Sophos for analysis.
This page gives you an overview of the integration.
Acronis product overview
Acronis Cyber Protect is an integrated cybersecurity and data protection service. It takes a unified approach to security, combining advanced backup capabilities with proactive cybersecurity measures. It helps ensure swift recovery and continuity of operations, mitigating the impact of data breaches, ransomware attacks, and system failures on business activities.
Sophos documents
Integrate Acronis Cyber Protect
What we ingest
Sample alerts seen by Sophos:
BackupFinishedWithWarnings
ProtectionServiceNotWorking
MaliciousEmailDetectedPerceptionPointWarning
BackupNotResponding
MaliciousUrlBlocked
We also ingest many other standard alert types.
Alerts ingested in full
We ingest everything from the Acronis Alerts endpoint /api/alert_manager/v1/alerts.
We then enrich all alerts with further details from the resources endpoint /api/resource_management/v4/resources.
Filtering
The only filtering we apply is to confirm that the data returned is in the correct format.
Sample threat mappings
{"alertType": "BackupFinishedWithWarnings", "threatId": "T1490", "threatName": "Inhibit System Recovery"}
{"alertType": "ProtectionServiceNotWorking", "threatId": "T1562.001", "threatName": "Disable or Modify Tools"}
{"alertType": "MaliciousEmailDetectedPerceptionPointWarning", "threatId": "T1566", "threatName": "Phishing"}
{"alertType": "BackupNotResponding", "threatId": "T1490", "threatName": "Inhibit System Recovery"}
{"alertType": "MaliciousUrlBlocked", "threatId": "T1566", "threatName": "Phishing"}
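The following sketch is an added example, not Sophos or Acronis code. It walks the steps described above (format check, enrichment from resource details, threat mapping) over constructed data. The alert and resource field names (id, type, resourceId, name) are assumptions for illustration and not the Acronis API schema; only the five mappings come from this page.

```python
import json

# Sample threat mappings copied from this page, one JSON object per line.
MAPPINGS_JSONL = """\
{"alertType": "BackupFinishedWithWarnings", "threatId": "T1490", "threatName": "Inhibit System Recovery"}
{"alertType": "ProtectionServiceNotWorking", "threatId": "T1562.001", "threatName": "Disable or Modify Tools"}
{"alertType": "MaliciousEmailDetectedPerceptionPointWarning", "threatId": "T1566", "threatName": "Phishing"}
{"alertType": "BackupNotResponding", "threatId": "T1490", "threatName": "Inhibit System Recovery"}
{"alertType": "MaliciousUrlBlocked", "threatId": "T1566", "threatName": "Phishing"}
"""
MAPPINGS = {m["alertType"]: m for m in map(json.loads, MAPPINGS_JSONL.splitlines())}

# Assumed (hypothetical) alert shape used for the format check.
REQUIRED = {"id": str, "type": str, "resourceId": str}

def is_well_formed(alert):
    """Format-only filter: required keys present with the expected types."""
    return isinstance(alert, dict) and all(
        isinstance(alert.get(key), typ) for key, typ in REQUIRED.items())

def process(alerts, resources):
    """Drop malformed alerts, enrich the rest, attach a mapping if one is known."""
    by_id = {r["id"]: r for r in resources}
    out = []
    for alert in alerts:
        if not is_well_formed(alert):
            continue  # rejected on format, never on alert type
        mapping = MAPPINGS.get(alert["type"], {})      # unmapped types still pass
        resource = by_id.get(alert["resourceId"], {})  # enrichment may be missing
        out.append({
            "alertId": alert["id"],
            "alertType": alert["type"],
            "resourceName": resource.get("name"),
            "threatId": mapping.get("threatId"),
            "threatName": mapping.get("threatName"),
        })
    return out

# Constructed sample data (not real Acronis output).
SAMPLE_RESOURCES = [{"id": "res-1", "name": "fileserver01"}]
SAMPLE_ALERTS = [
    {"id": "a1", "type": "BackupNotResponding", "resourceId": "res-1"},
    {"id": "a2", "type": "MaliciousUrlBlocked", "resourceId": "res-9"},  # unknown resource
    {"id": "a3", "type": 42, "resourceId": "res-1"},                     # wrong type: dropped
    {"id": "a4", "type": "ExampleUnmappedType", "resourceId": "res-1"},  # no sample mapping
]

if __name__ == "__main__":
    for row in process(SAMPLE_ALERTS, SAMPLE_RESOURCES):
        print(row)
```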