• Support
  • Forums
  • Blogs

Sophos AlienApp Feature Requests


New Life Form
Hello All,

Sophos Central is one of the main tools within the organisation i work for. As such the introduction of the Sophos AlienApp was warmly welcomed by myself and the IT infrastructure team. Unfortunatly, there seems to be a lack of built in features at the moment and talking to others, they also feel the same about the current AlienApp.

The main point of this post is to gather a desired feature list from the Alien Vault community, so that the USM Anywhere developers have visibility of what is desired the most. To start with, ill add a few feature ideas i feel would make the Alien App really useable:

- Add the ability to be able to filter on the Action Taken for all of the Sophos data sources. This is currently available for the WEB data set, but not for the others. For example in the APPLICATION_CONTROL data set, it's useful to see what apps are being Blocked, or Allowed for a user.

- Add the ability to view the APPLICATION_CONTROL data by Application from within the Dashboard view. Currently non of the widgets allow me to see which applications are being controlled, just the users logged in when they were controlling them.

- For WEB event data, it would be good to be able to filter on catagory. The information curently only comes in the "Name" data field, so can't be filtered on for dashboard use.

- For the "Select Action" tool set, it would be good to be able to make a change that the admin would otherwise have to go into the Sophos Central console to configure. E.g. Start AV Scan, Update Sophos Client etc..

These are just a few to get the ball rolling, but it would be good to see what others would like from the AlienApp, as well as what people have done to get other issues they have found.

Share post:


  • Thank you for the detailed feedback - much appreciated!  Can you open a support case and include some sample Sophos Central log files?  That will help us troubleshoot some of the filtering issues you mentioned.
  • I was just searching the forum to put in a feature request for Sophos Central, but I could not have said what I wanted better than the post above. My main want is to be able to use the "select action" tool to kick off scans in the case of odd behavior seen in other tools such as our Umbrella filter or brute force behavior. Also, I really want to be able to separate cleaned from uncleaned infections as one requires action, the other does not.
Sign In or Register to comment.