Overview of Sophos Linux Sensor and its components
Introduction
Sophos Linux Sensor (SLS) is a lightweight Linux sensor that uses APIs to integrate runtime threat detection, on hosts or in containers, with your existing threat response tools.
With SLS, you can do the following:
- Monitor and detect unwanted security events across your enterprise Linux systems.
- Integrate SLS with your existing logging and alerting infrastructure.
- Create custom rule sets ("detections") for detection and response.
Overview of components
Sensor
A lightweight agent installed on Linux hosts. It collects events from each host and uses them to trigger alert generation or automated response.
Detections
Sets of detection and response rules that monitor specified resources for a defined set of abnormal activity or conditions.
Alerting
The output of detection policies: notifications raised when system behavior violates the specified policy.