TABLE OF CONTENTS
Overview
Sophos Central is a cloud-based device that is added to the UI using API calls. This document will help you with the steps to ingest the Sophos Central with ARIA ADR to have a better visibility of threats happening in your environment.
Steps Of Integration
To add the Sophos Central support, follow the steps below.
Steps to Generate API Token (Sophos Central Console)
- Log in to Sophos Central Console as Super Admin.
- Navigate to Global Settings → API Token Management.
- Select Add Token to generate new token details.
- Copy the url, x-api-key and Authorization key from API Access URL + Headers field. You will see something like this:
- Provide the url, x-api-key & Authorization key (ignore the Basic keyword) to ARIA Technical Support (aria_support@ariacybersecurity.com) or enter it in the APE screens below if you have access to the dashboard.
Steps to Configure Sophos Central (ARIA UI)
- Go to Add-On Store → Sophos Central.
- Select Add Sophos Central.
- Complete the fields below.
- Device: Select the name of the device 'Sophos Central'.
- Name: Enter an arbitrary descriptive name.
- CCE Host: Enter the IP Address of your CCE VM.
- Access ID/user name: x-api-key (Exact value of this key needs to be entered. You will get it from the Sophos console).
- Password/Secret Key: Authorization key (Exact value of this key needs to be entered. You will get it from the Sophos console).
- Now enter the URL in valid JSON Format in the last field. Below is an example:
- Note: This is example URL. Actual URL you will get it from Sophos central console while generating the API token.
- {"api": "https://api5.central.sophos.com/gateway"}
- Click Save.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article