Configure Endpoint Security - Sophos

Access Sophos threats on your RocketCyber dashboard and enable the SOC to take action.

Overview

The Sophos App retrieves all threat data from the Sophos dashboard. It operates across all tenants (organizations) where Sophos malware protection is deployed.

Required Permissions

The account you log on to the Sophos Partner Portal with to generate the API credentials must have access to the threat data. If you are creating a custom role, select Full for Endpoint and Server Protection, then scroll down to Feature and select Enable access to logs and alerts. If you use the Partner Super Admin account to log in and generate the API token, the default permissions already cover this and no customization is needed.

How to Set Up

  1. Find your Sophos API Credentials
    • Log in to the Sophos Partner Portal (using credentials from a Sophos Central Admin type account is not supported).
    • Go to Configure / Settings & Policies and select API Credentials
      (screenshot: sophos-settings-policies.png)
    • Click Add Credentials
    • Type a Name and Description such as RocketCyber SOC, then click Add
      (screenshot: name-your-api-creds.png)
    • Copy both the Client ID and Client Secret (note: the client secret is only shown once)
      (screenshot: clientid-client-secret.png)
  2. In the RocketCyber SOC platform, navigate to Integrations / Antivirus / Sophos Monitor, and paste both the Client ID and Client Secret
    (screenshot: paste-clientid-secret-authenticate.png)

  3. Map your Sophos tenants to RocketCyber organizations to align the threat data
    (screenshot: sophos-customer-mapping.png)

Congratulations, your Sophos NGAV threat telemetry is now connected to the RocketCyber SOC.

NOTE: Admin top-level credentials must be used for the integration; credentials from a tenant-level account are not supported and will produce an error message.
(screenshot: mceclip0.png)
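Because the client secret is shown only once and the integration rejects tenant-level credentials, it is worth confirming what you copied before pasting it into RocketCyber. The script below is an added example, not part of this page or of RocketCyber's or Sophos's own tooling: it exchanges the Client ID and Client Secret for a token and checks which level the credential belongs to. It assumes the Sophos Central OAuth2 token endpoint and the `/whoami/v1` endpoint as published in Sophos's API documentation (not taken from this page); the environment variable names are my own.

```python
import json
import os
import urllib.parse
import urllib.request

# Sophos Central public API endpoints (assumption: from Sophos's API
# documentation, not from this page; confirm against the current docs).
TOKEN_URL = "https://id.sophos.com/api/v2/oauth2/token"
WHOAMI_URL = "https://api.central.sophos.com/whoami/v1"


def token_request(client_id: str, client_secret: str) -> urllib.request.Request:
    """Build the OAuth2 client-credentials request; the secret travels in the
    POST body, never in the URL, so it does not end up in proxy or access logs."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "token",
    }).encode()
    return urllib.request.Request(
        TOKEN_URL, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})


def classify_credential(whoami: dict) -> tuple[bool, str]:
    """Return (usable_for_rocketcyber, reason) from a decoded /whoami/v1 response.
    Only a partner-level credential passes, matching the NOTE on this page."""
    id_type = whoami.get("idType")
    if id_type == "partner":
        return True, "partner-level credential (id %s)" % whoami.get("id", "?")
    if id_type in ("tenant", "organization"):
        return False, "%s-level credential; generate one in the Partner Portal instead" % id_type
    return False, "unexpected idType %r" % (id_type,)


def check_live(client_id: str, client_secret: str) -> tuple[bool, str]:
    """Run the check against Sophos Central (needs network access)."""
    with urllib.request.urlopen(token_request(client_id, client_secret), timeout=30) as resp:
        access_token = json.load(resp)["access_token"]
    req = urllib.request.Request(WHOAMI_URL, headers={"Authorization": "Bearer " + access_token})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return classify_credential(json.load(resp))


if __name__ == "__main__":
    # Read the secret from the environment (hypothetical variable names) so it
    # never lands in shell history or a ticket.
    ok, why = check_live(os.environ["SOPHOS_CLIENT_ID"], os.environ["SOPHOS_CLIENT_SECRET"])
    print(("OK: " if ok else "NOT SUPPORTED: ") + why)
```

If the script reports a tenant- or organization-level credential, the integration will fail with the error shown above; generate a fresh pair from the Partner Portal rather than reusing the rejected one.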