Sophos Central V3
Version: 3.3
Updated: Mar 4, 2024
Utilize Sophos Central enrichment data during incident investigations.
Actions
- Get Alerts (Enrichment) - Gather Sophos Central alerts.
- Get Alerts Sophos Daemon (Daemon) - Get Sophos Central alerts on a time interval.
- Get Endpoints (Enrichment) - Gather all endpoints.
- Isolate an Endpoint (Containment) - Isolate a single endpoint.
- Isolate Endpoints (Containment) - Isolate multiple endpoints.
Sophos Central V3 configuration
The following steps show how to create new API credentials to work with Cloud SOAR.
- Log in to the Sophos Central Partner platform.
- On the left click on Settings & Policies and then click the API credentials.
- Click on Add Credential.
- Enter Credential name (required) and the description if you want.
- Click the Copy button on the Client ID and paste it temporally in a text editor.
- Click Show Client Secret.
- Now you can copy the key as shown.
Sophos Central V3 in Automation Service and Cloud SOAR
- Access integrations in the Automation Service or Cloud SOAR.
- After the list of the integrations appears, search/look for the integration and click on the row.
- The integration details will appear. Click on the "+" button to add new
Resource.
- Populate all the required fields (*) and then click SAVE.
- Label. The name of the resource.
- URL.
https://api.central.sophos.com
. - Client ID and Client Secret taken earlier from Sophos.
- To make sure the resource is working, hover over the resource and then click the pencil icon that appears on the right.
- Click TEST SAVED SETTINGS.
- You should receive a successful notification in the bottom right corner.
Change Log
- December 28, 2021 - First upload
- January 24, 2022 - New actions added
- July 11, 2023 (v3.2)
- Updated the integration with Environmental Variables
- Integration renamed from Sophos Central 3.0 to Sophos Central V3
- March 4, 2024 (v3.3) - Updated code for compatibility with Python 3.12