- Supported Cloud Connectors
- Armis Cloud Connector
- AWS Cloud Connector
- AWS Multi-Tenant Cloud Connector
- Azure Cloud Connector
- Azure Cloud Connector Overview
- Azure Audit Source and Event Support
- Prerequisites to Configure the Azure Cloud Connector
- Configure the Azure Cloud Connector
- Collect EventHub Information for Azure EventHub Endpoints
- Collect all Microsoft Defender ATP Events
- Configure Azure to Monitor Security Center Events in Azure VMs
- Bitglass Cloud Connector
- Box Cloud Connector
- Centrify Cloud Connector
- Cisco AMP for Endpoints Cloud Connector
- Cisco Meraki Cloud Connector
- Cisco Umbrella Cloud Connector
- Citrix ShareFile Cloud Connector
- Cloudflare Cloud Connector
- Code42 Incydr Cloud Connector
- CrowdStrike Falcon Cloud Connector
- Cybereason Cloud Connector
- CylanceProtect Cloud Connector
- Dropbox Business Cloud Connector
- Duo Security Cloud Connector
- Egnyte Cloud Connector
- Fidelis Cloud Connector
- GitHub Cloud Connector
- Google Cloud Platform (GCP) Cloud Connector
- Google Cloud Pub/Sub Cloud Connector
- Google Workspace (Formerly G Suite) Cloud Connector
- LastPass Enterprise Cloud Connector
- Mimecast Email Security Cloud Connector
- Netskope Cloud Connector
- Office 365 Cloud Connector
- Okta Cloud Connector
- OneLogin Cloud Connector
- Palo Alto Networks SaaS Security Cloud Connector
- Ping Identity Cloud Connector
- Proofpoint Cloud Connector
- Rapid7 InsightVM Cloud Connector
- Salesforce Cloud Connector
- SentinelOne Cloud Connector
- ServiceNow Cloud Connector
- Slack App Cloud Connector
- Slack Classic App Cloud Connector (Formerly known as Slack Enterprise Grid Cloud Connector)
- Snowflake Cloud Connector
- Sophos Central Cloud Connector
- Symantec CloudSOC Cloud Connector
- Symantec Endpoint Protection (SEP) Mobile Cloud Connector
- Symantec Email Security.cloud Cloud Connector
- Symantec WSS Cloud Connector
- Tenable.io Cloud Connector
- VMware Carbon Black Cloud Endpoint Standard Cloud Connector
- Workday Cloud Connector
- Zoom Cloud Connector
- Custom Cloud Connector
- Webhook Cloud Connector
Sophos Central Cloud Connector
Sophos Central is a cloud-based unified console for managing and simplifying administration of all Sophos products. It allows you to manage the Sophos security platform, protects against advanced threats, and ensures quick response to incidents. For more information visit their website.
Prerequisites to Configure the Sophos Central Connector
Before you configure the Sophos Central connector you must complete the following prerequisites:
Configure the Sophos Central account to allow Exabeam Cloud Connector integration.
Generate an API token containing the values for API access URL and headers for basic authentication method.
Generate Client ID and Client Secret or Key for OAuth2 authentication method.
Configure firewall and network connections to allow connectivity from Exabeam Cloud Connector platform to https://*sophos.com.
Configure Sophos Central Account and Obtain API Token
To configure Sophos Central account and to obtain the API token:
Log in to your Sophos Central account as an administrator.
In the left pane, click Global Settings, then click Add Token.
Specify a name for the token and click Save.
On the API Token Summary page, note the values represented by a string of letters and numbers for the following fields:
API Access URL
Headers
Use the values for API Access URL and Headers while configuring the Sophos Central connector on the Exabeam cloud connector platform.
Obtain Client ID and Client Secret or Client Key
To obtain the Client ID and Client Secret or Key:
Log in to your Sophos Central account as an administrator.
In Sophos Central Admin, navigate to Global Settings > API Credentials Management.
To create a token, click Add Credential.
Select a Credential name and select the appropriate role, and click Add. The API credential Summary for this credential displays the Client ID. Record the Client ID to use it while configuring the Sophos Central Cloud Connector.
To view the Client Secret, click Show Client Secret. Record the value to use it for the Client Key field while configuring the Sophos Central Cloud Connector.
For more information see Sophos Central APIs in the Sophos documentation.
Configure the Sophos Central Connector
Sophos Central is a cloud-based unified console for managing and simplifying administration of all Sophos products. It allows you to manage the Sophos security platform, protects against advanced threats, and ensures quick response to incidents. For more information visit their website.
Exabeam Cloud Connector for Sophos Central helps to:
Ingest audit events from multiple audit sources in the Sophos Central account
Unify the events into a common security events format
Enrich the events with required detection context
Send the events to the existing Security Information and Event Management (SIEM) system or Security Operations Center (SOC) system
Retrieve audit activities from Sophos services
To configure the Sophos Central connector to import data into the Exabeam Cloud Connector platform:
Complete the Prerequisites to Configure the Sophos Central Connector.
Log in to the Exabeam Cloud Connectors platform with your registered credentials.
Navigate to Settings > Accounts > Add Account.
Click Select Service to Add, then select Sophos Central from the list.
In the Accounts section, enter the required information. Required fields are indicated with red bar.
Account Name – Specify a name for the connector. For example, Corporate_Sophos.
Description – (Optional) Describe the Sophos account. For example, admin service to manage Sophos products.
Authentication Method – Select basic or oauth2.
If you select the basic authentication method, use the following steps.
API Access URL – Enter the value for API Access URL that you obtained while completing the prerequisites.
Headers – Enter the value for Headers that you obtained while completing the prerequisites. The headers input should be a JSON array in the format:
["x-api-key: xxxxxxxxxx", "Authorization: Basic yyyyyyyyyy"]
If you select the oauth2 authentication method, use the following steps.
Client ID – Enter the Client ID that you obtained while completing prerequisites.
Client Key – Enter the Client Secret that you obtained while completing prerequisites.
To confirm that the Exabeam Cloud Connector platform communicates with the service, click Test Connection.
Click Done to save your changes. The cloud connector is now set up on the Exabeam Cloud Connector platform.
To ensure that the connector is ready to send and collect data, Start the connector and check that the status shows
OK
.