Sophos Endpoint Protection
  • 17 Mar 2025


Sophos Endpoint Protection delivers endpoint and extended detection and response to enable your organization to hunt for, investigate, and respond to suspicious activity. For detailed information, refer to the official Sophos Endpoint Protection documentation.

Integration Method: API

Tables: Detection Finding (2004)

This integration supports the following events.

Event  | Description
Events | Retrieve list of events.

This integration supports the following versions.

Sophos Endpoint Protection API version: v1

Prerequisites

  • The user should have access to the Sophos Endpoint Protection portal with an account that has Global Administrator privileges.

  • The user should have access to the DataBee console.

Configuration Overview

  1. Generate an API token with the required scopes.

  2. Add Sophos Endpoint Protection in the DataBee console with the parameters below.

    DataBee Parameters | Sophos Endpoint Protection Parameters
    Client Key         | Client ID
    Client Secret      | Client Secret

Sophos Endpoint Protection Configuration

  1. Sign in to the Sophos Central Dashboard.

  2. Click on the General Settings option in the menu bar at the top right corner.
     

  3. Click on the API Credentials Management option.
     

  4. Click on Add Credential.
     

  5. Under Add credential, enter the following and click Add.

    • Credential name: enter a credential name.

    • Role: select Service Principal ReadOnly.
       

  6. Copy Client ID and Client Secret.
     

    Note:

    Save the credentials. They will not be viewable again. The credentials expire in 36 months and will then have to be regenerated.

DataBee Configuration

  1. Log in to the DataBee UI, navigate to Data > Data Feeds, and click the Add New Data Feed button.
     

  2. Search for Sophos Endpoint Protection and click it.
     

  3. Click on the API Ingest option for collection method.
     

  4. Enter feed contact information and click Next.
     

  5. In the configuration page, confirm the following:

    • Authorization Method: OAuth2

    • API Base URL: this is the base URL that DataBee will interact with.

    • Client Key: enter the Client ID.

    • Client Secret: enter the Client Secret.

    • Token URL: this is the token URL.

    • Event Types: preselected for all the event types that the integration pulls.
       

  6. Click Submit.

Troubleshooting Tips

  • Ensure the Client Key and Client Secret are pasted correctly. Because the Client Secret cannot be viewed after it is first displayed, re-create the API credential, paste it into a text editor to confirm that no spaces or unexpected characters are included, and then reconfigure the DataBee feed.
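
A pre-flight check for the pasted-credential problem described above, as an added example (not DataBee or Sophos code): it reports the position of any whitespace or invisible character in the Client ID or Client Secret without echoing the values, and computes the 36-month expiry mentioned in the Note. It assumes the credentials consist of printable ASCII with no spaces; the function names and sample values are constructed for illustration.

```python
import calendar
import unicodedata
from datetime import date

def find_suspect_chars(value):
    """List (index, code point, name) for every character outside printable,
    non-space ASCII. Reports positions only, never the credential itself."""
    issues = []
    for i, ch in enumerate(value):
        if not ("!" <= ch <= "~"):
            # Control characters have no Unicode name; fall back to category.
            name = unicodedata.name(ch, unicodedata.category(ch))
            issues.append((i, f"U+{ord(ch):04X}", name))
    return issues

def add_months(d, months):
    """Calendar-month arithmetic, clamping to the last day of the month."""
    year, month0 = divmod(d.year * 12 + d.month - 1 + months, 12)
    last_day = calendar.monthrange(year, month0 + 1)[1]
    return date(year, month0 + 1, min(d.day, last_day))

def preflight(client_id, client_secret, created, today):
    """Check a pasted credential pair before configuring the feed."""
    expires = add_months(created, 36)  # expiry period stated in the Note
    report = {
        "client_id": find_suspect_chars(client_id),
        "client_secret": find_suspect_chars(client_secret),
        "expires": expires,
        "days_left": (expires - today).days,
    }
    report["ok"] = (not report["client_id"] and not report["client_secret"]
                    and report["days_left"] > 0)
    return report

# Constructed sample values (not real credentials): a trailing newline in the
# ID, and a zero-width space plus a no-break space inside the secret.
SAMPLE_ID = "0a1b2c3d-constructed-id\n"
SAMPLE_SECRET = "constructed\u200bsecret\u00a0value"

if __name__ == "__main__":
    result = preflight(SAMPLE_ID, SAMPLE_SECRET,
                       date(2025, 3, 17), date(2025, 3, 18))
    for field in ("client_id", "client_secret"):
        for index, codepoint, name in result[field]:
            print(f"{field}: unexpected {name} ({codepoint}) at position {index}")
    print("expires:", result["expires"], "days left:", result["days_left"])
```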

