Skip to main content

Sophos Central V3

sophos-central

Version: 3.3
Updated: Mar 4, 2024

Utilize Sophos Central enrichment data during incident investigations.

Actions

  • Get Alerts (Enrichment) - Gather Sophos Central alerts.
  • Get Alerts Sophos Daemon (Daemon) - Get Sophos Central alerts on a time interval.
  • Get Endpoints (Enrichment) - Gather all endpoints.
  • Isolate an Endpoint (Containment) - Isolate a single endpoint.
  • Isolate Endpoints (Containment) - Isolate multiple endpoints.

Sophos Central V3 configuration

The following steps show how to create new API credentials to work with Cloud SOAR.

  1. Log in to the Sophos Central Partner platform.
  2. On the left click on Settings & Policies and then click the API credentials.
    sophos-central
  3. Click on Add Credential.
    sophos-central
  4. Enter Credential name (required) and the description if you want.
    sophos-central
  5. Click the Copy button on the Client ID and paste it temporally in a text editor.
  6. Click Show Client Secret.
    sophos-central
  7. Now you can copy the key as shown.
    sophos-central

Sophos Central V3 in Automation Service and Cloud SOAR

  1. Access integrations in the Automation Service or Cloud SOAR.
  2. After the list of the integrations appears, search/look for the integration and click on the row.
  3. The integration details will appear. Click on the "+" button to add new Resource.
  4. Populate all the required fields (*) and then click SAVE.
    • Label. The name of the resource.
    • URL. https://api.central.sophos.com.
    • Client ID and Client Secret taken earlier from Sophos.
      sophos-central
  5. To make sure the resource is working, hover over the resource and then click the pencil icon that appears on the right.
    sophos-central
  6. Click TEST SAVED SETTINGS.
    sophos-central
  7. You should receive a successful notification in the bottom right corner.
    sophos-central

Change Log

  • December 28, 2021 - First upload
  • January 24, 2022 - New actions added
  • July 11, 2023 (v3.2)
    • Updated the integration with Environmental Variables
    • Integration renamed from Sophos Central 3.0 to Sophos Central V3
  • March 4, 2024 (v3.3) - Updated code for compatibility with Python 3.12
Status
Legal
Privacy Statement
Terms of Use

Copyright © 2024 by Sumo Logic, Inc.