AWS Quick-start

Find out about using AWS Quick-start to add environments to Sophos Cloud Optix

Using a simple CloudFormation template, Quick-start creates a read-only IAM role in your AWS account. Sophos Cloud Optix uses this role to access information via APIs to monitor security.

Quick-start gets you up and running with core features, including:

  • Inventory.
  • Security configuration scanning.
  • Spend monitoring.
  • Sophos server workload agent integration.

Quick-start doesn't support the following advanced features:

  • Network traffic information flow displayed on Network Visualization.
  • Outbound network traffic anomaly detection and alerts.
  • Activity Logs, including identification of high-risk activities.
  • User login anomaly detection and alerts.
  • Sophos Managed Threat Response (MTR) connector.

To use these features, use one of the full setup options instead.

If you add an environment with Quick-start, and then later you want to use the advanced features with the same environment, use the AWS CLI script setup option. You don't have to remove the environment first. See Add AWS environments using CLI scripts.

Restriction Quick-start can't be used with the Sophos MTR connector. This requires Activity Logs and Flow Logs to receive anomaly alerts from Sophos Cloud Optix. To use the Sophos MTR connector, use one of the full setup options.

To use Quick-start, do as follows:

  1. Sign in to your AWS console with the account you want to add to Sophos Cloud Optix
  2. Sign in to Sophos Cloud Optix.
  3. Go to Settings and click Add Environments.
  4. Click AWS > AWS Quick-start.
  5. Follow the instructions on the screen to add your AWS account to Sophos Cloud Optix.

This creates an IAM role called Sophos-Optix-role in your AWS account and connects your AWS account to Sophos Cloud Optix.

Note After adding your AWS account to Sophos Cloud Optix, you can add Amazon Elastic Kubernetes Service (EKS) clusters. You must add these clusters to Sophos Cloud Optix separately, using the Amazon CLI script provided by Sophos. See Add your Amazon EKS clusters.