Sophos Central Configuration

SGBox knowledge base, https://www.sgbox.eu/en/knowledge-base/sophos-central-configuration/, Fri, 08 Apr 2022

SGBox can integrate with Sophos Central. You need to create an API Token in Sophos Central Admin to allow SGBox to access the data through the Sophos Central APIs. Once the API Token is created, provide the credentials in the SGBox application and schedule the app.

The main steps are:

  1. Generate an API Key
  2. Install the Sophos Vendor Integration
  3. Schedule the Sophos Vendor Integration
  4. Install SophosCentral Package

1 Generate API Key

  1. Login to Sophos Central Admin Portal.
  2. Go to Global Settings > API Token Management.
  3. Click Add Token.
  4. Give a name to the token and click on Save.

You need to copy the API Access URL + Headers.

2 Vendor Integration Installation

Log in to the SGBox web interface, go to SCM > Application > Vendors Integration and install the app.

Specify the IP and the API Token.

IP: How the Sophos Central system will appear in your host list
API: The API token generated in Sophos Central.

3 Schedule Vendor Integration task

Once configured, you need to schedule the app: Schedule Application

You are now able to see the logs in LM > Analysis > Historical Search

4 Download and Install SophosCentral Package

You can now download preconfigured dashboards and events using the package app: SCM > Application > Packages
