# Sophos Intercept X

In this guide, you will create new credentials for Sophos Central to allow Radiant Security to pull alerts and events from Sophos Intercept X (Sophos Endpoint).

At the end of this configuration, you will provide Radiant Security with the following values:

* **Client ID**
* **Client Secret**

### Prerequisites

* [ ] Enterprise Super Admin access

### Create credentials for Sophos Central

1. Log in to your Sophos Central Admin account as an Enterprise Super Admin.
2. Go to **My Products** > **General Settings** > **API Credentials Management.**
3. Enter the following information in the **Add Credential** dialog box:
   * A name of the credential (e.g. `Radiant Integration`)
   * A description for the credential
   * For **Role**, select **Service Principal Forensics**

<div align="left"><figure><img src="https://2439665791-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPsFulb2ZOtSPcRSc2rXE%2Fuploads%2FVLFNzKENsSNv2EvL0gvm%2FSophos_Intercept_X_01.webp?alt=media&#x26;token=554f012c-142d-474a-a44a-5ed6aef14503" alt="" width="375"><figcaption></figcaption></figure></div>

4. Click **Add**.
5. Note down the **Client ID** and **Client Secret**. The **Client Secret** is displayed only once. Ensure you copy it immediately and store it securely.

### Add the data connector in Radiant Security

1. Log in to [Radiant Security](https://app.radiantsecurity.ai/).
2. From the navigation menu, select **Settings** > **Data Connector** and click **+ Add Connector**.
3. Search for and select the **Sophos API** data feed option and then click **Data Feeds**.
4. Under **Select your data feeds**, select **Sophos Intercept X** and click **Credentials**.
5. Under **Credential Name**, give the credential an identifiable name (e.g. `Sophos Forensics`).
6. Under **Required** **Credentials**, add the following values that you copied from the previous section:
   * **Client ID**
   * **Client Secret**
7. Click **Add Connector**.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.radiantsecurity.ai/radiant-connectors/data-connectors/sophos-intercept-x.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.