Cloud provider charges
Your cloud provider will charge you for Sophos Cloud Optix activity that collects or sends log data. The charge depends on usage and amount of data.
We recommend that you do as follows:
- Monitor the charges in your cloud provider dashboard.
- If you have a Sophos Cloud Optix trial, consider using a cloud environment that generates less log data.
This is how Sophos Cloud Optix uses data and why you might incur charges:
-
Sophos Cloud Optix creates an access IAM role (AWS), access key (Azure), or service account (GCP).
This enables Sophos Cloud Optix to use the cloud provider’s APIs to perform continuous assessment and to provide an inventory of resources.
Cloud providers don't usually charge for this.
-
Sophos Cloud Optix enables logs (if not enabled already) and sets up continuous streaming of log data to Sophos Cloud Optix.
This collects admin activity logs (for example AWS CloudTrail) and Network Flow Logs, to provide the network traffic view, anomaly detection alerts, and more.
Cloud providers do charge for this.
Note
If you’re concerned about provider charges, you can choose not to enable logs, but you’ll lose some Sophos Cloud Optix functionality. Use the Custom settings on the Add an environment page.
Tip
In AWS, the first CloudTrail is free, but subsequent CloudTrails incur additional cost. You can customize the Sophos Cloud Optix setup to reuse an existing CloudTrail.
Here are more details of charges for each stage in log streaming.
Network Flow Logs
All Cloud providers charge for Network Flow Logs. Please see the following references for guidance on flow log pricing from each cloud provider.
- AWS: AWS CloudTrail pricing.
- AWS: CloudWatch Introduces Tiered Pricing With up to 90% Discount for VPC Flow Logs and Other Vended Logs.
- Azure: Network Watcher pricing.
- GCP: Google Cloud's operations suite (formerly Stackdriver).
Log routing
AWS: Amazon CloudWatch pricing.
Azure: Storage.
GCP: Cloud Storage pricing.
Serverless functions
A serverless function (created in your environment by Sophos Cloud Optix) is triggered when new logs reach CloudWatch, Microsoft Azure storage or a GCP sink. This function takes the logs and sends them via https to the Sophos Cloud Optix service.
Cloud providers charge for serverless functions on the basis of usage.
AWS: AWS Lambda Pricing.
Azure: Azure Functions pricing.
GCP: Cloud Functions pricing.
Data transfer to Sophos Cloud Optix
The Sophos Cloud Optix service is hosted in the AWS US-West region. Cloud providers may charge for data transfer to the service in this region.
AWS: AWS Pricing.
Azure: Bandwidth pricing.
GCP: Price list.