Sophos Central Integration

AgileBlue can collect Alert and Event logs from Sophos Central by leveraging the SIEM Integration API. Customers can also elect to leverage Sophos for host isolation via the AgileBlue SecOps Platform.

Supported Platform Version

  • Sophos Central SIEM Integration API version v1

Monitoring Integration

Note: A user with Super Admin access will need to complete the setup process for this integration.

  1. Sign in to Sophos Central and navigate to My Products > General Settings > API Credentials Management
  2. Select Add Credential
  3. Provide a name of your choosing under Credential name (the description section is optional)
  4. Assign the role of Service Principal ReadOnly
  5. Click Add
  6. On the API credential summary page, copy your Client ID to a secure location
  7. Click Show Client Secret and copy this value to a secure location as well
  8. Follow sections 2 and 3 in this Sophos guide to collect your Tenant ID and Request URL
  9. Securely send the following values back to AgileBlue Support:
    1. Client ID
    2. Client Secret
    3. Tenant ID
    4. Request URL (Ex. https://api-{dataRegion}.central.sophos.com)
    5. API credential expiration date
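
The Tenant ID and Request URL from step 8 can also be read from the API itself before the values are sent. This is an added example, not code from AgileBlue or from the Sophos guide: it assumes the public Sophos Central token and whoami endpoints, and the environment variable names SOPHOS_CLIENT_ID and SOPHOS_CLIENT_SECRET are hypothetical.

```python
import json
import re
import urllib.parse
import urllib.request

TOKEN_URL = "https://id.sophos.com/api/v2/oauth2/token"   # assumed: Sophos ID token endpoint
WHOAMI_URL = "https://api.central.sophos.com/whoami/v1"   # assumed: global whoami endpoint
REGION_RE = re.compile(r"^https://api-[a-z0-9]+\.central\.sophos\.com$")

def parse_whoami(body):
    """Return (tenant_id, request_url) from a whoami response, or raise ValueError."""
    data = json.loads(body)
    # A partner- or organization-level credential has no single tenant to monitor.
    if data.get("idType") != "tenant":
        raise ValueError(f"credential is scoped to {data.get('idType')!r}, not a tenant")
    url = data.get("apiHosts", {}).get("dataRegion", "").rstrip("/")
    if not REGION_RE.match(url):
        raise ValueError(f"unexpected data-region URL: {url!r}")
    return data["id"], url

def fetch_whoami(client_id, client_secret):
    """Exchange the client credentials for a token, then call whoami (needs network)."""
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials", "scope": "token",
        "client_id": client_id, "client_secret": client_secret,
    }).encode()
    with urllib.request.urlopen(urllib.request.Request(TOKEN_URL, data=form), timeout=30) as r:
        token = json.load(r)["access_token"]
    req = urllib.request.Request(WHOAMI_URL, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=30) as r:
        return r.read().decode()

# Constructed sample response (not real tenant data) so the parser runs offline.
SAMPLE = json.dumps({
    "id": "00000000-0000-0000-0000-000000000000",
    "idType": "tenant",
    "apiHosts": {"global": "https://api.central.sophos.com",
                 "dataRegion": "https://api-us01.central.sophos.com"},
})

if __name__ == "__main__":
    import os
    # Secrets come from the environment (hypothetical names), never from the script.
    cid, secret = os.environ.get("SOPHOS_CLIENT_ID"), os.environ.get("SOPHOS_CLIENT_SECRET")
    body = fetch_whoami(cid, secret) if cid and secret else SAMPLE
    tenant_id, request_url = parse_whoami(body)
    print("Tenant ID:  ", tenant_id)
    print("Request URL:", request_url)
```

Run without the two environment variables set, the script parses the constructed sample only and makes no network calls.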

Host Isolation Integration

In order to select Sophos as the default Host Isolation engine within the AgileBlue platform, follow the steps below to create a second API connection and enable the integration within our portal.

  1. Sign in to Sophos Central and navigate to My Products > General Settings > API Credentials Management
  2. Select Add Credential
  3. Provide a name of your choosing under Credential name (the description section is optional)
  4. Assign the role of Service Principal Super Admin
  5. Click Add
  6. On the API credential summary page, copy your Client ID to a secure location
  7. Click Show Client Secret and copy this value to a secure location as well
  8. Next, navigate to the AgileBlue Portal and log in
  9. Select Settings then Alert Playbook
  10. Scroll to the Host Isolation System section and select Sophos from the dropdown menu
  11. Enter the Client ID and Client Secret gathered in steps 6 and 7

Need Help?

AgileBlue is always here to support you and ensure you are 100% successful. If there are any issues with the installation or if you have any questions, please reach out to AgileBlue Support.

Email: support@agileblue.com 
Phone: (216) 606-9400