Sophos Intercept X

Pull Sophos endpoint data.

In this guide, you will create new credentials for Sophos Central to allow Radiant Security to pull alerts and events from Sophos Intercept X (Sophos Endpoint).

At the end of this configuration, you will provide Radiant Security with the following values:

Client ID
Client Secret

Prerequisites

Enterprise Super Admin access

Create credentials for Sophos Central

Log in to your Sophos Central Admin account as an Enterprise Super Admin.
Go to My Products > General Settings > API Credentials Management.
Enter the following information in the Add Credential dialog box:
- A name of the credential (e.g. Radiant Integration)
- A description for the credential
- For Role, select Service Principal Forensics

Click Add.
Note down the Client ID and Client Secret. The Client Secret is displayed only once. Ensure you copy it immediately and store it securely.

Add the data connector in Radiant Security

Log in to Radiant Security.
From the navigation menu, select Settings > Data Connector and click + Add Connector.
Search for and select the Sophos API data feed option and then click Data Feeds.
Under Select your data feeds, select Sophos Intercept X and click Credentials.
Under Credential Name, give the credential an identifiable name (e.g. Sophos Forensics).
Under Required Credentials, add the following values that you copied from the previous section:
- Client ID
- Client Secret
Click Add Connector.

PreviousSonicWall Network (syslog)NextSplunk Webhook

Last updated 6 months ago

Was this helpful?

Good afternoon

hashtagPrerequisites

hashtagCreate credentials for Sophos Central

hashtagAdd the data connector in Radiant Security

Prerequisites

Create credentials for Sophos Central

Add the data connector in Radiant Security