Rubrik integration
You can integrate Rubrik Security Cloud with Sophos Central so that it sends alerts to Sophos for analysis.
This page gives you an overview of the integration.
Rubrik product overview
Rubrik's backup and recovery cybersecurity tool is a cloud-based solution that secures and automates data protection across hybrid and multi-cloud environments. It integrates with various security frameworks, providing a centralized platform for backup, data recovery, ransomware detection, and compliance, ensuring resilient data management and fast data recovery in the event of attacks.
Sophos documents
What we ingest
Sample alerts seen by Sophos:
Discovered n new user(s)
Started Anomaly Detection analysis for snapshot taken on DATETIME of Fileset 'FILESET'
Rubrik Backup Service unreachable on host HOST
Scheduled backup of Fileset 'FILESET'
Found n YARA rule matches
We also ingest many other standard alert types.
Alerts ingested in full
We make a call to the endpoint https://rubrik-tme.my.rubrik.com/api/graphql with an appropriate GraphQL query.
Filtering
We filter alerts to confirm that the data returned is in the correct format and to exclude the logging of regular scheduled/expected backup activity.
Sample threat mappings
{"alertType": "Successfully took snapshot of Managed Volume 'VOLUME'.", "threatId": "T1578.001", "threatName": "Create Snapshot" }
{"alertType": "VSS snapshots of N volumes were found missing during backup of fileset 'FILESET' from 'MACHINE'.", "threatId": "T1485", "threatName": "Data Destruction" }
{"alertType": "Building global index for Fileset 'FILESET' from location 'LOCATION'", "threatId": "T1083", "threatName": "File and Directory Discovery"}
{"alertType": "Created the 'MACHINE' virtual machine in the 'REGION' region.", "threatId": "T1578.002", "threatName": "Create Cloud Instance"}
{"alertType": "Discovered N new user(s)", "threatId": "T1087", "threatName": "Account Discovery"}
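The filtering and threat-mapping steps described above, as an added example (not Sophos or Rubrik code): it compiles the page's placeholder-style alertType templates into patterns, drops malformed records and routine scheduled-backup notices, and tags the remaining alerts with the sample ATT&CK mappings. The record field names ("message", "time"), the routine-template list and the sample records are assumptions.

```python
import re

# Added example, not Sophos or Rubrik code. Mappings use this page's format; record field
# names, the routine-template list and the sample records below are assumptions.
SAMPLE_MAPPINGS = [
    {"alertType": "Successfully took snapshot of Managed Volume 'VOLUME'.", "threatId": "T1578.001", "threatName": "Create Snapshot"},
    {"alertType": "VSS snapshots of N volumes were found missing during backup of fileset 'FILESET' from 'MACHINE'.", "threatId": "T1485", "threatName": "Data Destruction"},
    {"alertType": "Discovered N new user(s)", "threatId": "T1087", "threatName": "Account Discovery"},
]
# Assumed: plain scheduled-backup notices are the "expected backup activity" the filter excludes.
ROUTINE_TEMPLATES = ["Scheduled backup of Fileset 'FILESET'"]
# Tokens that stand in for per-alert values in the templates.
PLACEHOLDERS = {"VOLUME", "FILESET", "MACHINE", "LOCATION", "REGION", "HOST", "DATETIME"}

def template_to_regex(template):
    """N/n matches an integer, 'PLACEHOLDER' a quoted value, bare PLACEHOLDER any text; rest is literal."""
    parts = []
    for tok in re.split(r"('[A-Z]+'|\b[A-Z]+\b|\bn\b)", template):
        if tok in ("N", "n"):
            parts.append(r"\d+")
        elif tok and tok.strip("'") in PLACEHOLDERS:
            parts.append(r"'[^']*'" if tok.startswith("'") else r".+?")
        else:
            parts.append(re.escape(tok))  # uppercase literals such as VSS stay literal
    return re.compile("^" + "".join(parts) + "$")

def process_alerts(records, mappings=SAMPLE_MAPPINGS):
    """Return (kept, dropped): kept alerts carry an ATT&CK mapping or None; dropped counts rejections by reason."""
    compiled = [(template_to_regex(m["alertType"]), m) for m in mappings]
    routine = [template_to_regex(t) for t in ROUTINE_TEMPLATES]
    kept, dropped = [], {"malformed": 0, "routine": 0}
    for rec in records:
        msg = rec.get("message") if isinstance(rec, dict) else None
        if not isinstance(msg, str) or not isinstance(rec.get("time"), str):
            dropped["malformed"] += 1          # wrong shape: refuse to ingest
            continue
        if any(rx.match(msg) for rx in routine):
            dropped["routine"] += 1            # expected backup chatter: not logged
            continue
        hit = next((m for rx, m in compiled if rx.match(msg)), None)
        kept.append({"message": msg, "time": rec["time"], "threatId": hit and hit["threatId"], "threatName": hit and hit["threatName"]})
    return kept, dropped

# Constructed sample records in the assumed shape of the GraphQL response rows.
SAMPLE_RECORDS = [
    {"message": "Discovered 3 new user(s)", "time": "2024-05-01T08:00:00Z"},
    {"message": "Scheduled backup of Fileset 'Finance'", "time": "2024-05-01T08:05:00Z"},
    {"message": "VSS snapshots of 2 volumes were found missing during backup of fileset 'Finance' from 'FS01'.", "time": "2024-05-01T08:10:00Z"},
    {"message": "Rubrik Backup Service unreachable on host FS01", "time": "2024-05-01T08:15:00Z"},
    {"time": "2024-05-01T08:20:00Z"},
]
```

Alerts that match no sample mapping are still kept (with threatId None), reflecting that other standard alert types are ingested too.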