About Sophos Auditing

Sophos Auditing enables you to monitor changes in Sophos Enterprise Console configuration and other user or system actions. You can use this information for regulatory compliance and troubleshooting or, in the case of malicious activity, during a forensic analysis.

By default, auditing is disabled. After you enable auditing in Sophos Enterprise Console, an audit entry is written to the SQL Server database SophosSecurity whenever certain configuration settings are changed or certain actions are performed.

The audit entry includes the following information:

  • Action performed
  • User who performed the action
  • User's computer
  • User's sub-estate
  • Date and time of the action

Both successful and failed attempts at actions are audited, so the audit entries can show who performed actions on the system and who started actions that did not complete successfully.

You can use third-party programs, such as Microsoft Excel, Microsoft Access, Microsoft SQL Server Reporting Services, or Crystal Reports, to access and analyze data stored in the auditing database.

Caution Sophos Auditing makes data available to third-party applications. By using this feature you assume the responsibility of the security of the data made available, which includes ensuring the data can only be accessed by authorized users. For security considerations, see Built-in database protection.