SophosLabs threat intelligence
Sophos Cloud Optix detects outbound traffic to known bad IP addresses.
Sophos Cloud Optix combines network flow logs from AWS, Azure, and GCP environments with threat intelligence from SophosLabs Intelix. This identifies outbound traffic to known bad IP addresses, such as command and control servers, which could mean malware is running on your cloud VMs.
In Sophos Cloud Optix, go to Alerts.
An alert appears when outbound traffic is seen to IP addresses categorized by SophosLabs threat intelligence as follows:
- Known sources of malware.
- Known sources of phishing.
- Known exploited web servers.
- Known exploited mail servers.
- Suspected criminal sources.
Alerts show the following information:
- The destination IP address.
- The source IP addresses of your cloud resources that generated the outbound traffic.
- The time of the traffic.
You can click a source IP address in the alert details to see more information about the traffic source.
You can also click Flow Logs > Outbound to see the SophosLabs Intelix categories.