Overview
Sophos Central is an integrated management platform to help simplify the administration of multiple Sophos products, including endpoint, mobile device management (MDM), server protection, and a secure web gateway. It helps you stop spam, phishing, malware, and data loss.
Blumira’s integration allows you to retrieve event data from Sophos Central directly to your Blumira sensor to start tracking logs for threat detection and response.
Before you begin
Before you can configure the Cloud Connector, you must gather the credentials Blumira requires to access the Sophos Central API.
To gather the Sophos credentials:
- Log in to the Sophos Central Admin page as a Super Admin of the tenant site you want to integrate with Blumira.
  Important: If you have multiple tenants in Sophos Central, ensure that you navigate to the individual tenant that you are creating a Cloud Connector for in Blumira. Global-level credentials created in the parent partner site will fail.
- Navigate to My Products > General Settings > API Credentials Management.
- Click Add credential in the top-right corner of the screen.
- In the Add credential window, complete the following:
  - Type a credential name to help you identify the keys as related to the Blumira integration.
  - (Optional) Type a description.
  - In the Role box, select Service Principal ReadOnly.
  - Click Add.
- In the API credential summary, copy the Client ID and Client Secret to use in the Blumira Cloud Connector.
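To confirm that the copied credentials are tenant-level before entering them in Blumira, the following check requests a token and asks Sophos Central which identity it belongs to. It is an added example, not part of the Blumira or Sophos documentation; it assumes the public Sophos Central API endpoints named in the constants, and the environment variable names are this example's own choice.

```python
"""Pre-flight check for Sophos Central API credentials (added example)."""
import json
import os
import urllib.parse
import urllib.request

# Assumed: public Sophos Central API endpoints (not stated on this page).
TOKEN_URL = "https://id.sophos.com/api/v2/oauth2/token"
WHOAMI_URL = "https://api.central.sophos.com/whoami/v1"


def get_token(client_id, client_secret):
    """Exchange the Client ID and Client Secret for a bearer token."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "token",
    }).encode()
    req = urllib.request.Request(TOKEN_URL, data=body)  # data= makes this a POST
    with urllib.request.urlopen(req, timeout=15) as resp:
        return json.load(resp)["access_token"]


def whoami(token):
    """Ask Sophos Central which identity the token belongs to."""
    req = urllib.request.Request(WHOAMI_URL, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=15) as resp:
        return json.load(resp)


def check_scope(identity):
    """Return (ok, message); only a tenant-level identity passes."""
    id_type = identity.get("idType")
    if id_type == "tenant":
        region = identity.get("apiHosts", {}).get("dataRegion", "unknown")
        return True, f"tenant {identity.get('id')} (data region host: {region})"
    if id_type in ("partner", "organization"):
        return False, f"{id_type}-level credential; create it inside the individual tenant"
    return False, f"unexpected idType: {id_type!r}"


if __name__ == "__main__":
    # Environment variable names are this example's own choice.
    tok = get_token(os.environ["SOPHOS_CLIENT_ID"], os.environ["SOPHOS_CLIENT_SECRET"])
    ok, msg = check_scope(whoami(tok))
    print(("OK: " if ok else "FAIL: ") + msg)
    raise SystemExit(0 if ok else 1)
```

A FAIL result with a partner-level or organization-level identity means the credential was created outside the individual tenant and should be recreated there.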
Configuring Blumira
To configure the Blumira Cloud Connector and begin logging, do the following:
- In Blumira, navigate to Ingestion > Cloud Connectors.
- Click + Add Cloud Connector.
- In the Available Cloud Connectors window, select the connector you want to add.
- In Cloud Connector Name, type a name that will help you identify the integration.
- In the remaining fields, enter the credentials you gathered in the previous steps.
- Click Connect.