Application Integrations
      Back to home
      1. Help Center
      2. Application Integrations

      Sophos Central Integration

      AgileBlue can collecto Alert and Event logs from Sophos Central by leveraging the SIEM Integration API.

      Supported Platform Version

      • Sophos Central SIEM Integration API version v1

      Setup Process

      Note: A user with Super Admin access will need to complete the setup process for this integration.

      1. Sign in to Sophos Central Admin and go to: https://central.sophos.com/manage
      2. Click Global Settings
      3. Select API Credentials
      4. In the top right, select Add Credential
      5. Provide a name of your choosing under Credential name (the description section is optional) and click Add
      6. On the API credential summary page, copy your Client ID to a secure location
      7. Click Show Client Secret and copy this value to a secure location as well
      8. Follow sections 2 and 3 in this Sophos guide to collect your Tenant ID and Request URL
      9. Securely send the following values back to AgileBlue Support:
        1. Client ID
        2. Client Secret
        3. Tenant ID
        4. Request URL (Ex. https://api-{dataRegion}.central.sophos.com)

      Need Help?

      AgileBlue is always here to support you and ensure you are 100% successful. If there are any issues with the installation or if you have any questions, please reach out to AgileBlue Support.

      Email: support@agileblue.com 
      Phone: (216) 606-9400      🚨