Dashboards: Sophos Central Cloud - Alerts; Sophos Central Cloud - Events
Overview
Sophos Central is a unified, cloud-based management platform to monitor and secure your organization from threats. It’s used by businesses of all sizes to consolidate the Sophos suite of solutions into a single management solution.
This integration ingests the following logs:
- Alert: A notification or warning generated by Sophos Central Cloud in response to a security event or potential threat. Alerts are triggered by predefined security policies, detection rules, or anomalous activity identified by Sophos Central Cloud.
- Event: A specific occurrence detected and recorded by Sophos Central Cloud. Events cover security-related activity such as malware detection, unauthorized access attempts, system vulnerabilities, and other security occurrences.
The Sophos Central Cloud integration collects both log types listed above and forwards them to Datadog for analysis. The built-in logs pipeline parses and enriches these logs so they can be searched and analyzed directly. The integration provides insight into alerts and events through the out-of-the-box dashboards. Additionally, when the get_endpoint_details flag is enabled, the integration enriches alert and event logs with the details of the corresponding endpoint.
Setup
Generate API credentials in Sophos Central Cloud
- Log into your Sophos Central account.
- From Sophos Central Admin, go to My Products > General Settings > API Credentials Management.
- Click Add Credential.
- Provide a credential name, select the appropriate role, add an optional description, and click the Add button. The API credential summary page with the client ID is displayed.
- Click Show Client Secret to display the Client Secret.
Connect your Sophos Central Cloud account to Datadog
Add your Sophos Central Cloud credentials.
Parameters | Description
---|---
Client ID | The client ID from Sophos Central Cloud.
Client Secret | The client secret from Sophos Central Cloud.
Get Endpoint Details | Keep the default value of “true” to collect endpoint details for Sophos Central Cloud Alert and Event logs. Otherwise, set to “false”.
Click the Save button to save your settings.
Data Collected
Logs
The integration collects and forwards Sophos Central Cloud alert and event logs to Datadog.
Metrics
The Sophos Central Cloud integration does not include any metrics.
Events
The Sophos Central Cloud integration does not include any events.
Support
Need help? Contact Datadog Support.