# Sophos Intercept X

In this guide, you will create new credentials for Sophos Central to allow Radiant Security to pull alerts and events from Sophos Intercept X (Sophos Endpoint).

At the end of this configuration, you will provide Radiant Security with the following values:

* **Client ID**
* **Client Secret**

### Prerequisites

* [ ] Enterprise Super Admin access

### Create credentials for Sophos Central

1. Log in to your Sophos Central Admin account as an Enterprise Super Admin.
2. Go to **My Products** > **General Settings** > **API Credentials Management.**
3. Enter the following information in the **Add Credential** dialog box:
   * A name of the credential (e.g. `Radiant Integration`)
   * A description for the credential
   * For **Role**, select **Service Principal Forensics**

<div align="left"><figure><img src="https://2439665791-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPsFulb2ZOtSPcRSc2rXE%2Fuploads%2FVLFNzKENsSNv2EvL0gvm%2FSophos_Intercept_X_01.webp?alt=media&#x26;token=554f012c-142d-474a-a44a-5ed6aef14503" alt="" width="375"><figcaption></figcaption></figure></div>

4. Click **Add**.
5. Note down the **Client ID** and **Client Secret**. The **Client Secret** is displayed only once. Ensure you copy it immediately and store it securely.

### Add the data connector in Radiant Security

1. Log in to [Radiant Security](https://app.radiantsecurity.ai/).
2. From the navigation menu, select **Settings** > **Data Connector** and click **+ Add Connector**.
3. Search for and select the **Sophos API** data feed option and then click **Data Feeds**.
4. Under **Select your data feeds**, select **Sophos Intercept X** and click **Credentials**.
5. Under **Credential Name**, give the credential an identifiable name (e.g. `Sophos Forensics`).
6. Under **Required** **Credentials**, add the following values that you copied from the previous section:
   * **Client ID**
   * **Client Secret**
7. Click **Add Connector**.