[Dashboards: Sophos Central Cloud - Alerts; Sophos Central Cloud - Events]
Overview
Sophos Central is a unified, cloud-based management platform to monitor and secure your organization from threats. It’s used by businesses of all sizes to consolidate the Sophos suite of solutions into a single management solution.
This integration ingests the following logs:
- Alerts
- A Sophos Alert is a notification or warning generated by Sophos Central Cloud in response to a security event or potential threat. Alerts are triggered by predefined security policies, detection rules, or anomalous activity identified by Sophos Central Cloud.
- Events
- A Sophos Event is a specific occurrence detected and recorded by Sophos Central Cloud. Events cover security-related activity such as malware detections, unauthorized access attempts, system vulnerabilities, and other security occurrences.
The Sophos Central Cloud integration collects the logs listed above and forwards them to Datadog for analysis. The built-in logs pipeline parses and enriches these logs so they can be searched and analyzed. The integration provides insight into alerts and events through the out-of-the-box dashboards. When the get_endpoint_details flag is enabled, the integration also enriches alert and event logs with details of the corresponding endpoint.
Setup
Configuration
Sophos Central Cloud Configuration
- Log in to the Sophos Central platform with your credentials.
- From Sophos Central Admin, go to My Products > General Settings > API Credentials Management.
- Click Add Credential.
- Provide a credential name, select the appropriate role, add an optional description, and click the Add button. The API credential Summary for this credential is displayed.
- Click Show Client Secret to display the Client Secret.
- Copy the Client ID and Client Secret.
Sophos Central Cloud Datadog Integration Configuration
Configure the Datadog endpoint to forward Sophos Central Cloud events as logs to Datadog.
- Navigate to Sophos Central Cloud.
- Add your Sophos Central Cloud credentials.

| Sophos Central Cloud Parameters | Description |
|---|---|
| Client ID | The Client ID from Sophos Central Cloud. |
| Client Secret | The Client Secret from Sophos Central Cloud. |
| Get Endpoint Details | Set to “true” to collect endpoint details for Sophos Central Cloud Alert and Event logs; otherwise set to “false”. Default is “true”. |
Data Collected
Logs
The integration collects and forwards Sophos Central Cloud Alert and Event logs to Datadog.
Metrics
The Sophos Central Cloud integration does not include any metrics.
Events
The Sophos Central Cloud integration does not include any events.
Support
For further assistance, contact Datadog Support.