About Sophos Cloud Optix
Sophos Cloud Optix is an AI-powered security and compliance platform for public cloud environments.
Getting started
You need a subscription or free trial account to use Sophos Cloud Optix.
You can add your AWS environments to Sophos Cloud Optix in many ways.
AWS Quick-start
You can use AWS Quick-start to easily add environments to Sophos Cloud Optix.
Add AWS environments using AWS CloudShell or AWS CLI
You can add your AWS environment using a script that Sophos Cloud Optix creates for you.
Add AWS environments using CloudFormation
You can use our assistant to add AWS environments to Sophos Cloud Optix using AWS CloudFormation.
Add AWS environments using an existing AWS CloudTrail
You can use an existing CloudTrail when you add an AWS environment.
Add AWS environments using Terraform
You can add your AWS environments to Sophos Cloud Optix using our Terraform template.
Add AWS environments using an organization trail
You can use an AWS SNS topic to add the AWS accounts in an organization trail to Sophos Cloud Optix.
Add your Amazon EKS clusters
You can add Amazon EKS clusters to AWS accounts you have added to Sophos Cloud Optix.
Resources created in your AWS environments
A full deployment of Sophos Cloud Optix adds AWS environments to the service and sets up communication between AWS and Sophos.
Troubleshooting for AWS
If there are problems with adding an AWS environment, run the uninstall script and try again.
Remediation for AWS
Sophos Cloud Optix can remediate issues related to S3 buckets, security groups, and IAM password policies in AWS environments.
Remove your AWS environment
You can remove your AWS environment from Sophos Cloud Optix.
You can choose which method you use to add your Microsoft Azure environments to Sophos Cloud Optix.
Azure Quick-start
You can use Microsoft Azure Quick-start to add environments to Sophos Cloud Optix.
Add Azure environments using PowerShell scripts
You can add your Microsoft Azure environments to Sophos Cloud Optix by running the PowerShell script Sophos provides.
Add Azure environments using Terraform
You can add your Microsoft Azure environments to Sophos Cloud Optix using our Terraform template.
Troubleshooting for Azure
How to resolve problems with adding Microsoft Azure environments.
Remove your Azure environment
You can remove a Microsoft Azure environment from Sophos Cloud Optix.
You can add a Google Cloud Platform (GCP) project to Sophos Cloud Optix by running the script Sophos provides.
What does the Sophos Cloud Optix script for GCP do?
The script creates a read-only service account in a GCP project.
Remove your GCP environment
You can remove a Google Cloud Platform environment from Sophos Cloud Optix.
Add your Kubernetes environment
You can add a native Kubernetes cluster to Sophos Cloud Optix by running the script Sophos provides.
Sophos Cloud Optix can monitor code submitted to your Infrastructure as Code (IaC) repositories for potential security issues.
Add code repositories using GitHub
Sophos provides a GitHub app that you can install to give Sophos Cloud Optix access to your repositories.
Add code repositories using Bitbucket
Sophos provides a Bitbucket app that you can install to give Sophos Cloud Optix access to your repositories.
Add code repositories via Jenkins pipeline
Sophos provides a script that you can add to Jenkins to give Sophos Cloud Optix access to your repositories.
Monitor your IaC environment
You can monitor code repositories you've added to Sophos Cloud Optix.
Sophos XDR Integration
You can use Sophos Cloud Optix data with Live Discover in Sophos Central.
Sophos Server Protection agent integration
You can use Sophos Intercept X for Server with Sophos Cloud Optix to enhance protection for your cloud workloads.
Sophos MTR connector
The Managed Threat Response (MTR) connector sends alerts to the Sophos MTR service.
You can protect your container images with Sophos Cloud Optix.
Set up container images
You can integrate container image scanning with Sophos Cloud Optix.
Sophos Cloud Optix has several types of anomaly detection. They're turned on automatically.
SophosLabs threat intelligence
Sophos Cloud Optix detects outbound traffic to known bad IP addresses.
User login anomalies
Sophos Cloud Optix detects suspicious login events.
Outbound network traffic anomalies
Sophos Cloud Optix detects anomalous outbound network traffic.
Applications inferred from host behavior
Sophos Cloud Optix can infer the applications running from the behavior of the host computer instance.
High-risk activity
Sophos Cloud Optix uses artificial intelligence (AI) to detect high-risk activity.
Network visualization
Sophos Cloud Optix provides a graphical representation of your cloud environment.
IAM visualization
You can view AWS identity and access management (IAM) relationships.
You can monitor spending on cloud environments to quickly identify unauthorized usage and control cloud infrastructure costs.
Setting up environments for Spend Monitor
You can set up spend monitoring for different types of cloud environments.
Spend Monitor Policies
You can configure policies that alert you to unexpected spend increases and make recommendations to control costs.
Sophos Cloud Optix provides security and compliance policies which give deeper insight into your current security posture.
Use out-of-the-box policies
Sophos Cloud Optix provides out-of-the-box policies.
Customize policies
You can customize Sophos Cloud Optix policies.
View policy reports
Sophos Cloud Optix automatically generates reports for all out-of-the-box and custom policies.
Track policy compliance
Sophos Cloud Optix lets you track compliance results over time.
AWS resources scanned
Find out which AWS resources are checked.
Azure resources scanned
Find out which Azure resources are checked.
GCP resources scanned
Find out which Google Cloud Platform (GCP) resources are checked.
Alerts for non-compliant Sophos Cloud Optix resources
Sophos Cloud Optix's actions sometimes cause alerts because they don't comply with CIS recommendations.
You can integrate Sophos Cloud Optix with your existing business tools to automate cloud security monitoring, GRC (governance, risk and compliance) and DevSecOps processes.
Integrate using webhooks
You can use webhooks to integrate with systems for remediation, reporting, and other functions.
Integrate with Jira
You can create or update Jira tickets from Sophos Cloud Optix alerts.
Integrate with Slack
You can push new Sophos Cloud Optix alerts to a specific Slack channel for instant notification.
Integrate with Microsoft Teams
You can push new Sophos Cloud Optix alerts to a specific Microsoft Teams channel.
Integrate with ServiceNow
You can create and update ServiceNow tickets from Sophos Cloud Optix alerts.
Integrate with Splunk
You can send Sophos Cloud Optix data to your Splunk Enterprise or Cloud instance using Splunk's HTTP event collector (HEC) interface.
Integrate with PagerDuty
You can push Sophos Cloud Optix alerts to PagerDuty.
Integrate using the Sophos Cloud Optix API
You can use an API to access Sophos Cloud Optix functions.
Integrate with AWS Security Hub
You can generate alerts in Sophos Cloud Optix from findings from AWS security services.
Integrate with Amazon GuardDuty
You can aggregate Amazon GuardDuty alerts into Sophos Cloud Optix, regardless of region.
Integrate with Amazon SNS
You can send Sophos Cloud Optix alerts to an Amazon SNS (Simple Notification Service) topic you've created in your AWS account.
Integrate with Microsoft Azure Sentinel
You can send Sophos Cloud Optix alert data to your Microsoft Azure Sentinel workspace.
You can use Sophos Cloud Optix search terms on your inventory data.
Supported search field names
Tables of valid search field names and types.
Search examples
You can combine different terms to create complex searches.
Weekly summary report
You can get an overview report each week.
You can use pre-defined administration roles to divide up security tasks according to each administrator's responsibility level.
Environment access control
You can put cloud environments into groups and control who can access each group.
Authorization problems can cause synchronization failures.
Change API sync regions for AWS environments
You can change regions to solve synchronization problems between AWS and Sophos Cloud Optix.
Create new Azure secret
You can create a new Azure secret to solve synchronization problems between Azure and Sophos Cloud Optix.
Subscriptions are based on the number of cloud assets in the cloud environments you add to Sophos Cloud Optix.
Sophos Cloud Optix versions
There are two versions of Sophos Cloud Optix, Sophos Cloud Optix Standard and Sophos Cloud Optix Advanced.
Cloud provider charges
Your cloud provider will charge you for Sophos Cloud Optix activity that collects or sends log data. The charge depends on usage and amount of data.
This section only applies to AWS environments added to Sophos Cloud Optix prior to November 2020.
Legacy: AWS Quick-start
These instructions tell you how to use the AWS Quick-start option to connect your AWS accounts to Sophos Cloud Optix easily.
Legacy: Add AWS environments using CLI scripts
You can add your AWS environment using a script.
Legacy: Add AWS environments using AWS CloudFormation
You can add AWS environments to Sophos Cloud Optix using AWS CloudFormation.
Legacy: Add your Amazon EKS clusters
You can add Amazon EKS clusters to AWS accounts you've added to Sophos Cloud Optix.
Legacy: Resources created in your AWS environments
A full deployment of Sophos Cloud Optix adds AWS environments to the service and sets up communication between AWS and Sophos.
Legacy: Troubleshooting for AWS
If there are problems with adding an AWS environment, run the uninstall script and try again.
Legacy: Remediation
Sophos Cloud Optix can remediate issues related to S3 buckets, security groups, and IAM password policies in AWS environments.
Legacy: Remove your AWS environment
You can remove your AWS environment from Sophos Cloud Optix.
Supported web browsers
Check that Sophos Cloud Optix can run on your web browser.
How Sophos stores and manages your data
Find out how Sophos looks after your data, and about our GDPR compliance.
Get additional help
To get help from Sophos Support:
Legal notices

About this Help

This Help tells you how to use all the features in Sophos Cloud Optix.

Can't find what you need?

Try the following:

  • Use the Search bar above.
  • Go to the Support section of our website and search there. This finds knowledge base articles or Sophos Community posts.

Not using Sophos Cloud Optix yet?

Get a subscription to Sophos Cloud Optix or sign up for a free trial.
