Sophos Central is one of the main tools within the organisation i work for. As such the introduction of the Sophos AlienApp was warmly welcomed by myself and the IT infrastructure team. Unfortunatly, there seems to be a lack of built in features at the moment and talking to others, they also feel the same about the current AlienApp.
The main point of this post is to gather a desired feature list from the Alien Vault community, so that the USM Anywhere developers have visibility of what is desired the most. To start with, ill add a few feature ideas i feel would make the Alien App really useable:
- Add the ability to be able to filter on the Action Taken for all of the Sophos data sources. This is currently available for the WEB data set, but not for the others. For example in the APPLICATION_CONTROL data set, it's useful to see what apps are being Blocked, or Allowed for a user.
- Add the ability to view the APPLICATION_CONTROL data by Application from within the Dashboard view. Currently non of the widgets allow me to see which applications are being controlled, just the users logged in when they were controlling them.
- For WEB event data, it would be good to be able to filter on catagory. The information curently only comes in the "Name" data field, so can't be filtered on for dashboard use.
- For the "Select Action" tool set, it would be good to be able to make a change that the admin would otherwise have to go into the Sophos Central console to configure. E.g. Start AV Scan, Update Sophos Client etc..
These are just a few to get the ball rolling, but it would be good to see what others would like from the AlienApp, as well as what people have done to get other issues they have found.