# Sophos Intercept X

Create API credentials in Sophos Central and use them to connect Sophos Intercept X (Sophos Endpoint) to Radiant Security. Once connected, Radiant ingests Sophos endpoint alerts and runs them through the AI triage pipeline.

At the end of this configuration, you will provide Radiant Security with the following values:

* **Client ID**
* **Client Secret**

### Prerequisites

* [ ] Enterprise Super Admin access to Sophos Central

### Create credentials in Sophos Central

{% stepper %}
{% step %}

#### Log in to Sophos Central

Log in to your [Sophos Central Admin](https://central.sophos.com) account as an **Enterprise Super Admin**.
{% endstep %}

{% step %}

#### Open API Credentials Management

Go to **My Products** > **General Settings** > **API Credentials Management**.
{% endstep %}

{% step %}

#### Add the credential

In the **Add Credential** dialog, enter the following:

* A name for the credential (e.g., `Radiant Integration`)
* A description for the credential
* For **Role**, select **Service Principal Forensics**

<div align="left"><figure><img src="/files/FJFBruoMZ7HOwZbDXk68" alt="" width="375"><figcaption></figcaption></figure></div>

Click **Add**.
{% endstep %}

{% step %}

#### Copy the Client ID and Client Secret

Copy the **Client ID** and **Client Secret** and store them securely.

{% hint style="warning" %}
The **Client Secret** is displayed only once. Copy it immediately. If you lose it, you must generate a new credential.
{% endhint %}
{% endstep %}
{% endstepper %}

### Add the data connector in Radiant Security

1. Log in to [Radiant Security](https://app.radiantsecurity.ai/).
2. From the navigation menu, select **Settings** > **Data Connector** and click **+ Add Connector**.
3. Search for and select the **Sophos API** data feed option, then click **Data Feeds**.
4. Under **Select your data feeds**, select **Sophos Intercept X** and click **Credentials**.
5. Under **Credential Name**, give the credential an identifiable name (e.g., `Sophos Forensics`).
6. Under **Required Credentials**, paste the **Client ID** and **Client Secret** values copied from Sophos Central.
7. Click **Add Connector**.

### Verify ingestion

After Sophos Intercept X begins forwarding, confirm alerts and events are reaching Radiant.

1. In Radiant, navigate to [Log Management](https://app.radiantsecurity.ai/logs).
2. Filter by `rs_connectorType:"sophos_intercept_x"`.
3. Confirm recent alerts and events appear.

{% hint style="info" %}
Allow several minutes for alerts and events to be parsed, indexed, and available for search.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.radiantsecurity.ai/radiant-connectors/data-connectors/sophos-intercept-x.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.