About Sophos Cloud Optix
Sophos Cloud Optix is an AI-powered security and compliance platform for public cloud environments.
Getting started
You need a subscription or free trial account to use Sophos Cloud Optix.
You can choose which method you use to add your AWS environment to Sophos Cloud Optix.
AWS Quick-start
These instructions tell you how to use the AWS Quick-start option to connect your AWS accounts to Sophos Cloud Optix easily.
Add AWS environments using CLI scripts
You can add your AWS environment using a script.
Add AWS environments using AWS CloudFormation
You can add AWS environments to Sophos Cloud Optix using AWS CloudFormation.
Add your Amazon EKS clusters
You can add Amazon EKS clusters to AWS accounts you have added to Sophos Cloud Optix.
Resources created in your AWS environments
A full deployment of Sophos Cloud Optix adds AWS environments to the service and sets up communication between AWS and Sophos.
Troubleshooting for AWS
If there are problems with adding an AWS environment, run the uninstall script and try again.
Add remediation (Guardrails)
You can enable remediation features for AWS environments.
Permissions needed to run Sophos Cloud Optix scripts for AWS
You can create custom roles with the appropriate permissions needed to run the Sophos Cloud Optix scripts that add AWS environments.
AWS CLI script variables
AWS script variables
Set up AWS CLI to run scripts
To add environments with scripts you must first set up the AWS CLI.
Remove your AWS environment
You can remove your AWS environment from Sophos Cloud Optix.
You can add your Azure environment to Sophos Cloud Optix by running the PowerShell script Sophos provides.
What does the Sophos Cloud Optix script for Azure do?
The script sets up Sophos Cloud Optix so that it can receive data from your Azure AD environment.
Troubleshooting for Azure
How to resolve problems with adding Azure environments.
Remove your Azure environment
You can remove a Microsoft Azure environment from Sophos Cloud Optix.
You can add a Google Cloud Platform (GCP) project to Sophos Cloud Optix by running the script Sophos provides.
Add a GKE cluster to an existing GCP environment
You can add a GKE (Google Kubernetes Engine) cluster to a GCP project that's already been added to Sophos Cloud Optix.
What does the Sophos Cloud Optix script for GCP do?
The script creates a read-only service account in a GCP project.
Remove your GCP environment
You can remove a Google Cloud Platform environment from Sophos Cloud Optix.
Add your Kubernetes environment
You can add a native Kubernetes cluster to Sophos Cloud Optix by running the script Sophos provides.
Sophos Cloud Optix can monitor code submitted to your Infrastructure as Code (IaC) repositories for potential security issues.
Add code repositories using GitHub
Sophos provides a GitHub app which you can install to give Sophos Cloud Optix access to your repositories.
Add code repositories using Bitbucket
Sophos provides a Bitbucket app that you can install to give Sophos Cloud Optix access to your repositories.
Add code repositories via Jenkins pipeline
Sophos provides a script which you can add to Jenkins to give Sophos Cloud Optix access to your repositories.
Monitor your IaC environment
You can monitor code repositories that you have added to Sophos Cloud Optix.
You can use Sophos Cloud Optix for remediation of certain issues in AWS environments.
Create the remediation role
This section tells you how to create the role needed before you can use remediation.
Turn on automatic remediation
How to turn on automatic remediation.
Use manual remediation
How to use manual remediation.
Which issues can you remediate?
Sophos Cloud Optix can remediate issues related to S3 buckets, security groups and IAM password policies in AWS environments.
Sophos Cloud Optix has several types of anomaly detection. They're turned on automatically.
About anomaly alerts
Sophos Cloud Optix displays alerts when it detects anomalies in your environment.
User login anomalies
Sophos Cloud Optix detects suspicious login events.
Outbound network traffic anomalies
Sophos Cloud Optix detects anomalous outbound network traffic.
Applications inferred from host behavior
Sophos Cloud Optix can infer the applications running from the behavior of the host computer instance.
High-risk activity
Sophos Cloud Optix uses artificial intelligence (AI) to detect high-risk activity.
Sophos Cloud Optix provides network visualization for your cloud environment.
View traffic flow
Sophos Cloud Optix lets you view and analyze traffic flow in your cloud environment.
View host details
Sophos Cloud Optix shows details of hosts in your environment.
View inferred databases
Sophos Cloud Optix lets you view inferred database applications running on hosts.
IAM visualization
You can view AWS identity and access management (IAM) relationships.
Monitor spending on cloud environments to quickly identify unauthorized usage and control cloud infrastructure costs.
Setting up environments for Spend Monitor
Find out how to turn on spend monitoring for different types of cloud environments.
Spend Monitor Policies
Configure policies that alert you to unexpected spend increases and make recommendations to control costs.
Sophos Cloud Optix provides security and compliance policies which give deeper insight into your current security posture.
Use out-of-the-box policies
Sophos Cloud Optix provides out-of-the-box policies. These are based on popular standards, including cloud provider best practices (for example, AWS and Azure CIS Benchmarks).
Customize policies
You can customize Sophos Cloud Optix policies for your needs.
View policy reports
Sophos Cloud Optix automatically generates reports for all out-of-the-box and custom policies.
Track policy compliance
Sophos Cloud Optix lets you track the compliance results over time.
You can integrate Sophos Cloud Optix with your existing business tools to automate cloud security monitoring, GRC (governance, risk and compliance) and DevSecOps processes.
Integrate with Jira
You can integrate Sophos Cloud Optix with Jira so that it can create or update Jira tickets for alerts.
Integrate with Slack
Sophos Cloud Optix can push new alerts to your specified Slack channel for instant notification.
Integrate with Teams
You can integrate Sophos Cloud Optix with Microsoft Teams to push new alerts to your specified channel.
Integrate with ServiceNow
Sophos Cloud Optix can create and update ServiceNow tickets for alerts.
Integrate with Splunk
Sophos Cloud Optix can send data to your Splunk Enterprise or Cloud instance using Splunk's HTTP event collector (HEC) interface.
Integrate with PagerDuty
You can push Sophos Cloud Optix alerts to PagerDuty.
Integrate with Sophos Cloud Optix API
Some Sophos Cloud Optix functions can be programmatically accessed via API.
Integrate with Amazon GuardDuty
Sophos Cloud Optix lets you aggregate Amazon GuardDuty alerts into the Sophos Cloud Optix dashboard, regardless of region.
Integrate with Amazon SNS
You can send Sophos Cloud Optix alerts to an Amazon SNS (Simple Notification Service) topic you've created in your AWS account.
Integrate with Azure Sentinel
Sophos Cloud Optix can send alert data to your Microsoft Azure Sentinel workspace.
Learn how to use search terms on your inventory data.
Supported search field names
Tables of valid search field names and types.
Search examples
See how to combine different terms to create complex searches.
You can use pre-defined administration roles to divide up security tasks according to each administrator's responsibility level.
Environment access control
You can control which cloud environments each administrator can see in their Sophos Cloud Optix console.
Sophos Cloud Optix licensing
Subscriptions are based on the number of cloud assets in the cloud environments that you add to Sophos Cloud Optix.
Sophos Cloud Optix for EDR
Find out which Sophos Cloud Optix features are included with Intercept X Advanced for Server with EDR.
Cloud provider charges
Your cloud provider will charge you for Cloud Optix activity that collects or sends log data. The charge depends on usage and amount of data.
Multi-factor authentication
You can turn on multi-factor authentication to improve the security of your Sophos Cloud Optix account.
Supported web browsers
Check that Sophos Cloud Optix can run on your web browser.
How Sophos stores and manages your data
Find out how Sophos looks after your data, and about our GDPR compliance.
Get additional help
To get help from Sophos Support:
Legal notices

About this Help

This Help tells you how to use all the features in Sophos Cloud Optix.

Can't find what you need?

Try the following:

  • Use the Search bar above.
  • Go to the Support section of our website and search there. This finds knowledge base articles or Sophos Community posts.

Not using Sophos Cloud Optix yet?

Get a subscription to Sophos Cloud Optix or sign up for a free trial.
