Skip to main content

Integrating with Sophos Central

  • Updated

Overview

Sophos Central is an integrated management platform to help simplify the administration of multiple Sophos products, including endpoint, mobile device management (MDM), server protection, and a secure web gateway. It helps you stop spam, phishing, malware, and data loss.

Blumira’s integration allows you to retrieve event data from Sophos Central directly to your Blumira sensor to start tracking logs for threat detection and response.

Before you begin

This integration requires a Blumira sensor to be installed before you can complete the steps below. Ensure that you complete the steps in Building a Blumira sensor with Ubuntu before you continue.

Next, obtain the credentials Blumira requires to access the Sophos Central API.

To gather the Sophos credentials:

  1. From the Sophos Central Admin page (https://central.sophos.com) go to Global Settings > API Token Management.
  2. Click Add token on the top-right corner of the screen.
  3. Select a token name and click Save.
  4. In API Token Summary, check the API Access Url + Headers section, and take note of:
    • url
    • x-api-key
    • Authorization (for example, Basic ZjAyODczYjctAxm42adfGhi3aE3…aSDF=)

Configuring Blumira

Next, you’ll need to configure your Blumira sensor to connect to the Sophos Central API, using the credentials you obtained in the steps above.

Follow these steps to add the Sophos Central module:

To add a module on an existing sensor and provide credentials:

  1. In Blumira, click Settings.
  2. Click Sensors.
  3. Click the sensor on which you want to add a module.
  4. On the detail page for the sensor, scroll down and click Add Module.
  5. In the Add New Module window, select the relevant module.
  6. Enter the credentials that you gathered in previous steps.
  7. (Optional) Type a name for this log deployment in the Log Source Name box.
    Note: Use alphanumeric characters, periods, and hyphens. Spaces and underscores are not allowed. This name will appear in the "device_address" column in the results of your event data queries. If you add more modules to collect logs for other integrations, this name will help you to identify them. 
  8. Click Install.

Was this article helpful?
0 out of 0 found this helpful
Return to top

Related articles