Sophos Central Cloud Connector

Sophos Central is a cloud-based unified console for managing and simplifying administration of all Sophos products. It lets you manage the Sophos security platform, protect against advanced threats, and respond quickly to incidents. For more information, visit their website.

Prerequisites to Configure the Sophos Central Connector

Before you configure the Sophos Central connector you must complete the following prerequisites:

  • Configure the Sophos Central account to allow Exabeam Cloud Connector integration.

  • For the basic authentication method, generate an API token, which provides the values for API Access URL and Headers.

  • For the OAuth2 authentication method, generate a Client ID and Client Secret (entered as the Client Key).

  • Configure firewall and network connections to allow connectivity from the Exabeam Cloud Connector platform to https://*sophos.com.

Configure Sophos Central Account and Obtain API Token

To configure the Sophos Central account and obtain the API token:

  1. Log in to your Sophos Central account as an administrator.

  2. In the left pane, click Global Settings, then click Add Token.

  3. Specify a name for the token and click Save.

  4. On the API Token Summary page, note the values represented by a string of letters and numbers for the following fields:

    • API Access URL

    • Headers

    Use the values for API Access URL and Headers while configuring the Sophos Central connector on the Exabeam cloud connector platform.

Obtain Client ID and Client Secret or Client Key

To obtain the Client ID and Client Secret or Key:

  1. Log in to your Sophos Central account as an administrator.

  2. In Sophos Central Admin, navigate to Global Settings > API Credentials Management.

  3. To create a token, click Add Credential.

  4. Select a Credential name and select the appropriate role, and click Add. The API credential Summary for this credential displays the Client ID. Record the Client ID to use it while configuring the Sophos Central Cloud Connector.

  5. To view the Client Secret, click Show Client Secret. Record the value to use it for the Client Key field while configuring the Sophos Central Cloud Connector.

    For more information see Sophos Central APIs in the Sophos documentation.

Configure the Sophos Central Connector

Exabeam Cloud Connector for Sophos Central helps to:

  • Ingest audit events from multiple audit sources in the Sophos Central account

  • Unify the events into a common security events format

  • Enrich the events with required detection context

  • Send the events to the existing Security Information and Event Management (SIEM) system or Security Operations Center (SOC) system

  • Retrieve audit activities from Sophos services

To configure the Sophos Central connector to import data into the Exabeam Cloud Connector platform:

  1. Complete the Prerequisites to Configure the Sophos Central Connector.

  2. Log in to the Exabeam Cloud Connectors platform with your registered credentials.

  3. Navigate to Settings > Accounts > Add Account.

  4. Click Select Service to Add, then select Sophos Central from the list.

  5. In the Accounts section, enter the required information. Required fields are indicated with a red bar.

    1. Account Name – Specify a name for the connector. For example, Corporate_Sophos.

    2. Description – (Optional) Describe the Sophos account. For example, admin service to manage Sophos products.

    3. Authentication Method – Select basic or oauth2.

      If you select the basic authentication method, use the following steps.

      • API Access URL – Enter the value for API Access URL that you obtained while completing the prerequisites.

      • Headers – Enter the value for Headers that you obtained while completing the prerequisites. The headers input should be a JSON array in the format:  

        ["x-api-key: xxxxxxxxxx", "Authorization: Basic yyyyyyyyyy"]

      If you select the oauth2 authentication method, use the following steps.

      • Client ID – Enter the Client ID that you obtained while completing prerequisites.

      • Client Key – Enter the Client Secret that you obtained while completing prerequisites.

  6. To confirm that the Exabeam Cloud Connector platform communicates with the service, click Test Connection.

  7. Click Done to save your changes. The cloud connector is now set up on the Exabeam Cloud Connector platform.

  8. To ensure that the connector is ready to send and collect data, Start the connector and check that the status shows OK.
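
The Headers field in step 5 must be a JSON array of "Name: value" strings, and a malformed paste is an easy way to fail Test Connection. The following Python check is an added example, not part of the Exabeam or Sophos documentation: it validates a Headers value against the format shown in this guide and returns a masked copy that is safe to put in a ticket or log. The function names and the sample value are constructed for illustration.

```python
import json

REQUIRED = ("x-api-key", "authorization")  # header names from the guide's format


def parse_headers_field(raw):
    """Parse the connector's Headers value; return {lowercased name: value}."""
    try:
        items = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise ValueError(f"not valid JSON: {exc.msg}") from None
    if not isinstance(items, list) or not all(isinstance(i, str) for i in items):
        raise ValueError("expected a JSON array of strings")
    headers = {}
    for item in items:
        # Split on the first colon only, so values may contain colons.
        name, sep, value = item.partition(":")
        name, value = name.strip().lower(), value.strip()
        if not sep or not name or not value:
            raise ValueError("each entry must look like 'Name: value'")
        if name in headers:
            raise ValueError(f"duplicate header: {name}")
        headers[name] = value
    missing = [n for n in REQUIRED if n not in headers]
    if missing:
        raise ValueError("missing header(s): " + ", ".join(missing))
    scheme, _, credential = headers["authorization"].partition(" ")
    if scheme.lower() != "basic" or not credential.strip():
        raise ValueError("Authorization must be 'Basic <value>'")
    return headers


def redact(headers):
    """Mask secret values; keep only the last 4 characters of longer keys."""
    out = {}
    for name, value in headers.items():
        if name == "authorization":
            out[name] = "Basic ****"
        else:
            out[name] = "****" + value[-4:] if len(value) > 8 else "****"
    return out


if __name__ == "__main__":
    # Constructed sample value, not a real token.
    sample = '["x-api-key: EXAMPLEKEY0001", "Authorization: Basic RVhBTVBMRQ=="]'
    print(redact(parse_headers_field(sample)))
```

Error messages from parse_headers_field never include header values, so a failed check can be reported without exposing the token.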