Sophos Endpoint Protection

Sophos Intercept X Endpoint delivers protection, stopping advanced attacks before they impact your systems. Powerful endpoint and extended detection and response (EDR/XDR) tools let your organization hunt for, investigate, and respond to suspicious activity and indicators of an attack.

Integration Method: API

Tables: Detection Finding

Sophos Endpoint Protection Configuration

Before configuring the data source in the DataBee UI, you need to set up an API client in the Sophos Central dashboard to obtain the necessary credentials. Follow these steps:

1. Sign in to the Sophos Central Dashboard.

2. Click on the General Settings option in the menu bar at the top right corner

3. On the General Settings window, click on the API Credentials Management option.

4. On the API Credentials Management window select Add Credentials.

5. Add the Credential Name, Description(optional) and select Service Principal Super Admin in the Role dropdown, then click on Add.

6. Under API credential summary you can find your Client ID and Client Secret. 

DataBee Configuration

1. Login to the DataBee console, navigate to Data>Datasource and click on Add new Datasource.

2. Search for Sophos Endpoint Protection and select it.

3. Click on API Ingest.

4. Enter the required details in the form, and click on Next.

5. In the configuration details page, enter the following

   • Authorization Method: OAuth2

   • Client Key: Paste the Client ID generated earlier

   • Client Secret: Paste the Client Secret generated earlier

   • Click on Submit.