Configure the Sophos Monitor - Connect IT Community | Kaseya
<main> <article class="userContent"> <h2 data-id="access-sophos-threats-on-your-rocketcyber-dashboard-and-enable-the-soc-to-take-action">Access Sophos threats on your RocketCyber dashboard and enable the SOC to take action.</h2> <h3 data-id="overview">Overview</h3> <p>The Sophos App is designed to retrieve all threat data from the Sophos dashboard and to operate across all tenants (customers) where Sophos malware protection is deployed.</p> <h3 data-id="required-permissions">Required Permissions</h3> <p>The account you use to log in to the Sophos Partner Portal and generate the API Credentials must have access to the threat data. If you are creating a custom role, <strong>select</strong> <strong>Full for Endpoint and Server Protection</strong>, then scroll down to <strong>Feature</strong> and select <strong>Enable access to logs and alerts</strong>. If you are using the Partner Super Admin to log in and generate the API Token, the default permissions are already set and no customization is needed.</p> <h3 data-id="how-to-set-up">How to Set Up</h3> <ol><li>Find your Sophos API Credentials <ul><li>Log in to the <strong>Sophos Partner Portal</strong> (not Sophos Central Admin). 
</li> <li>Go to Configure / Settings &amp; Policies and select API Credentials<br><img src="https://us.v-cdn.net/6032361/uploads/migrated/7PE0F7X0X8A5/sophos-settings-policies.png" alt="sophos-settings-policies.png" class="embedImage-img importedEmbed-img"></img></li> <li>Click Add Credentials</li> <li> <strong>Type</strong> a Name and Description such as RocketCyber SOC, then click Add<img src="https://us.v-cdn.net/6032361/uploads/migrated/IE2POUQHF7T9/name-your-api-creds.png" alt="name-your-api-creds.png" class="embedImage-img importedEmbed-img"></img><br><br></li> <li> <strong>Copy</strong> both the Client ID and Client Secret (Note: the client secret is only shown once)<img src="https://us.v-cdn.net/6032361/uploads/migrated/2594JQBRF5FY/clientid-client-secret.png" alt="clientid-client-secret.png" class="embedImage-img importedEmbed-img"></img><br><br></li> </ul></li> <li>Then, in the RocketCyber SOC platform, navigate to Integrations / Antivirus / Sophos Monitor and paste both the Client ID and Client Secret<img src="https://us.v-cdn.net/6032361/uploads/migrated/IPB188ISG3OP/paste-clientid-secret-authenticate.png" alt="paste-clientid-secret-authenticate.png" class="embedImage-img importedEmbed-img"></img><br><br></li> <li>Map your Sophos customers to RocketCyber customers to align the threat data <br><img src="https://us.v-cdn.net/6032361/uploads/migrated/JTS7F6ZKKH0T/sophos-customer-mapping.png" alt="sophos-customer-mapping.png" class="embedImage-img importedEmbed-img"></img></li> </ol><p>Congratulations, your Sophos NGAV threat telemetry is now connected to the RocketCyber SOC.</p> </article> </main>