Advanced Protection

This chapter describes how to configure the advanced protection features of Sophos UTM on AWS. The Advanced Protection Statistics page shows an overview of Sophos Sandstorm and Advanced Threat Protection events.

The following topics are included in this chapter:

Advanced Threat Protection

This section displays information on the number of machines on your network that are potentially infected.

Sophos Sandstorm Activity

Get an overview of all incidents where a file was flagged for further analysis using the Sophos Active Sandbox component of Sophos Sandstorm. The table is updated on page load and shows processes currently in progress for the present day. Data accumulation starts at midnight. The table shows web and email activity, not manually submitted files.

Table data is broken down by email and web files as well as the following categories or statuses:

Sophos Sandstorm Activity Report

Get an overview of Sandstorm activity on a daily, weekly, monthly, or yearly basis. By default, both email and web file activity is displayed. Manually submitted files are not part of the report.

The reporting graphs have the following display properties:

Daily: Displays the last 24 hours of data. Each bar represents an hour. The graph is updated on the hour and only shows completed hours. Therefore, up to the last hour's worth of data might be missing from the graph.

Weekly: Displays the last seven days of data. Each bar represents six hours. The graph is updated on the hour and only shows completed six-hour periods.

Monthly: Displays the last 30 days of data. Each bar represents a day. The graph is updated on the hour and only shows completed days.

Yearly: Displays the last 12 months of data. Each bar represents a week. The graph is updated on the hour and only shows completed weeks.

Note – The weekly, monthly, and yearly graphs are broken down by UTC time, not your local time. This may lead to data from a single day at your site being distributed across two different bars. Example: Your local time is UTC+12 (Asia-Pacific region), where your local noon is midnight in UTC. Therefore, the first half of your day falls into a different bar than the second half.
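The following added example (not Sophos code) reproduces the effect described in the note, so that report bars can be reconciled with a site-local incident timeline. It assumes that the day bars of the monthly graph align to UTC midnight; the function names and the sample events are hypothetical and constructed for illustration.

```python
from collections import Counter
from datetime import date, datetime, timedelta, timezone

UTC = timezone.utc
SITE_TZ = timezone(timedelta(hours=12))  # the UTC+12 site from the note

def utc_day_bars(events, now):
    """Count events per UTC calendar day; the UTC day still in progress is omitted."""
    today_utc = now.astimezone(UTC).date()
    bars = Counter()
    for ts in events:
        day = ts.astimezone(UTC).date()
        if day < today_utc:  # only completed days are shown
            bars[day] += 1
    return dict(sorted(bars.items()))

def bars_for_local_day(local_day, tz):
    """Return the UTC day bars that one local calendar day is spread over."""
    start = datetime.combine(local_day, datetime.min.time(), tzinfo=tz)
    last = start + timedelta(days=1) - timedelta(microseconds=1)
    return sorted({start.astimezone(UTC).date(), last.astimezone(UTC).date()})

# Constructed sample: events recorded in site-local time (UTC+12).
SAMPLE_EVENTS = [
    datetime(2024, 3, 10, 9, 0, tzinfo=SITE_TZ),    # local morning
    datetime(2024, 3, 10, 11, 30, tzinfo=SITE_TZ),  # local morning
    datetime(2024, 3, 10, 13, 0, tzinfo=SITE_TZ),   # local afternoon
    datetime(2024, 3, 10, 18, 0, tzinfo=SITE_TZ),   # local afternoon
    datetime(2024, 3, 10, 23, 0, tzinfo=SITE_TZ),   # local evening
    datetime(2024, 3, 11, 13, 0, tzinfo=SITE_TZ),   # UTC day not yet complete
]
SAMPLE_NOW = datetime(2024, 3, 11, 14, 0, tzinfo=SITE_TZ)

if __name__ == "__main__":
    # The five events of local 10 March land in two different UTC bars.
    for day, count in utc_day_bars(SAMPLE_EVENTS, SAMPLE_NOW).items():
        print(day, count)
    print(bars_for_local_day(date(2024, 3, 10), SITE_TZ))
```

When comparing a bar against local logs, convert the bar's UTC boundaries to local time first rather than matching on the calendar date.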

The graphs display the following data:
