ΒΆ Sophos SIEM Integration Using Token Credentials
STOP: This method is NO LONGER IN USE! Please follow the Sophos Guide HERE.
If your organisation uses Sophos Central to manage the security of your endpoints, Secure-ISS can integrate into your Sophos Cloud solution to gather and ingest logs provided by the Sophos Platform.
To provide Secure-ISS with the required information, follow the steps below.
- Log into your Sophos Central Cloud platform and navigate to Global Settings. From here, click on API Token Management as shown below.
-
Click Add Token in the top right corner. In the Name field, give a name like SISS-QR.
-
From the API Token Summary page, Copy the contents of API Access URL + Headers and save to a text file. You will need this in the next step.
- Secure-ISS uses the secure password portal found at https://pass.secure-iss.com for all sensitive information transfer. To use, go to the URL above and you will find a text box into which you can paste the API Access URL + Headers from the previous step, as shown below.
- Leave the time setting at 1 week and when ready, click the Generate URL button as shown above.
- Finally, click the Copy button and paste the secure URL into an email and send to your SOC Onboarding Project Manager, as shown above.