You can use the Sophos virtual appliance (VA), installed on a virtual machine, that analyzes network packets. It is a network traffic analyser (NTA) that forwards suspicious information to the Sophos Data Lake. This data can then be used in the Threat Analysis Center.
The VA can also host log collectors for third-party services and products that have been integrated into the Sophos Central Threat Analysis Center. See Integrations.
This guide tells you how to access and use the VA's console. You can configure the VA to suit your network environment. We've also added troubleshooting information.