Integration: RocketCyber and Sophos
RocketCyber
NAVIGATION Integrations > Endpoint Security > Sophos Monitor
PERMISSIONS Partner Admin
Sophos Central Partner
NAVIGATION Configure > Settings & Policies > API Credentials
PERMISSIONS Access to Sophos threat data. Partner Super Admin includes the required permissions by default. For custom roles, grant Full access to Endpoint and Server Protection and Enable access to logs and alerts.
The RocketCyber and Sophos integration retrieves threat data from Sophos and surfaces it in RocketCyber, enabling the SOC to monitor and respond to threats across all managed tenants.
Prerequisites
-
This integration requires API credentials generated from Sophos Central Partner. Sophos Central Admin (tenant-level) API credentials are not supported by the RocketCyber Sophos integration and will result in an authentication or configuration error.
How to...
To generate the API credentials required for the integration, complete the following steps:
-
Log in to Sophos Central Partner.
-
Go to Settings & Policies > API Credentials.
-
Click Add Credentials.
-
Enter a name and description, for example, RocketCyber, and then click Add.
-
Copy the Client ID and click Show Client Secret.
-
Copy the Client Secret.
-
In RocketCyber, navigate to Integrations > Endpoint Security > Sophos Monitor.
-
Enter the Client ID and Client Secret generated in Sophos Central Partner, and then click Authenticate.
-
Map each Sophos tenant to the corresponding RocketCyber organization, and then click Save Map.
Sophos threat telemetry is now connected to RocketCyber and will appear on your dashboard.
FAQ
No. This integration requires API credentials generated from Sophos Central Partner. Sophos Central Admin (tenant-level) credentials are not supported and will result in an error during configuration.
A custom role must have:
-
Endpoint and Server Protection: Full
-
Feature: Enable access to logs and alerts
Partner Super Admin includes the required permissions by default.






